The cybersecurity landscape changes every day, with new actors, new threats, new schemes, and new ways to infiltrate websites, emails, devices, and almost anything that is connected to the internet. We’re constantly reading about the rise of spear phishing, DDoS attacks, global malware threats, ransomware, CEO fraud, and more.
Despite all of the attention that cybersecurity is receiving, there is still a widely held belief in the small- to medium-sized business (SMB) community that cyberattacks happen to someone else. I call this the “Ostrich Effect”—read more about it in this blog: Cybersecurity and the Ostrich effect.
There is a popular theory that when an ostrich senses danger, it buries its head in the sand. In fact, this isn’t true, but it has spawned a few theories that psychiatrists call the “Ostrich Effect.” Apparently, this is something that is prevalent in humans; it is our natural instinct to avoid unpleasant or difficult news or situations. Unfortunately, hiding from a problem doesn’t make it go away. It just continues without you, delaying the inevitable.
This is the state of cybersecurity in the SMB market today. The threat exists. It’s real. It’s growing. It is not going away, and if we continue to bury our heads in the sand, it is going to get much worse.
Enter Ransomware as a Service (RaaS), the latest, scariest, and most easily proliferated cybercriminal product on the market today. RaaS is sold on the Dark Web as a kit. For as little as $40 to $400, anyone can buy it. It is designed so that almost anyone with or without technical expertise can launch a ransomware attack.
In fact, one of the most prolific of the RaaS kit creators is The Rainmakers Labs. According to Bill Brenner on Sophos® News, The Rainmakers Labs run their business the same way a legitimate software company does to sell its products and services. While it sells RaaS on marketplaces hidden on the Dark Web, it hosts a production-quality “intro” video on YouTube®, explaining the nuts and bolts of the kit and how to customize the ransomware with a range of feature options. A detailed “Help Guide,” walking customers through set-up is also available on a .com website.
SMBs should be aware of this threat. While RaaS has been around for a while, it has now reached mainstream marketing channels and may be used by anyone with the desire to commit cyberextortion.
By enabling individuals with little to no technical experience, RaaS opens the door for a whole new breed of cybercriminal. These “cybernewbies” understand that by using a RaaS kit, they can shut down almost any small business by locking their files and extorting payment through untraceable bitcoin currency, and at the same time run almost no risk of getting caught.
SMBs should be aware that RaaS has changed the threat landscape, and they are at more risk than ever before. Consider these statistics:
While the news on the cybersecurity front is daunting, SMBs with a proactive plan of protection are far less likely to suffer a breach. When considering a plan for protection, these four areas should be reviewed:
A proactive approach to protection is the key to being safe for most businesses, whatever their size. It’s business 101. Remember, if you are connected, you must be protected!
Rick Miller is COO and Partner of The Tek, an MSSP specializing in risk assessment, risk mitigation, protection, and education to SMBs. Rick is a long-term veteran in the IT industry. His success has been founded in propelling start-ups and turnarounds to success and profitability. His experience has helped to grow multiple companies from start-up to profitability.
To find out more about how SolarWinds MSP can help you assess the risks to your data, click here.
© 2017 SolarWinds MSP UK Ltd. All rights reserved.