This year has seen a surge of ransomware attacks and all indications point to an increasing escalation of attacks in the coming months and years. At the center of these escalations is the Ransomware as a Service (RaaS) business model that has been adopted by many cybercriminals to launch attacks on their victims.
As veterinary practices, understanding the Ransomware as a Service business model of the modern cyberattacks is needed when confronting the growing threat of ransomware attacks that are targeted at us.
What is Ransomware as a Service (RaaS)?
Ransomware as a Service is an adoption of the software as a service business model by cybercriminals, only this time, rather than distributing software that is useful to businesses, organizations and veterinary practices, ransomware is distributed. In the Ransomware as a Service model, affiliates are enrolled to distribute and launch ransomware attacks on computer systems, given all the tools required to execute such attacks, including ransomware tools and awarded a percentage of each successful ransom payment from their victims.
In the past, cyberattacks were only carried out by individuals or organizations with the skill set of developing their own malware, distributing, and launching attacks. However, the adoption of the Ransomware as a Service model allowed novice cybercriminals to also take part in launching successful cyberattacks and profiting from the multimillion-dollar criminal enterprise.
The arrangement between the affiliate ransomware distributors and ransomware developers benefits both sides. For developers, they are given access to a larger scale of attack that they would likely not achieve if they kept the ransomware to themselves and only launched their attacks in-house. For affiliate cybercriminals who subscribe to the Ransomware as a Service model to launch an attack, they are given access to ransomware tools, backend infrastructure and networks that they would otherwise not have been able to get their hands-on and can focus their attention on infiltrating networks and infecting computers.
RaaS mode of operation
Cybercriminal gangs providing Ransomware as a Service to their affiliates operate by providing RaaS kits to their potential clients. A RaaS kit may include 24/7 support, bundled offers, after-sales services, user reviews and forums to help their potential clients to navigate the technical operations that may be difficult to grasp for novice users.
During onboarding, ransomware affiliates are also given documentations of the ransomware software and step-by-step guides on how to operate and launch ransomware attacks. A backend dashboard may also be provided to track successful attacks. Affiliates are also provided with a cryptocurrency payment gateway, where they can receive their payments after successful attacks.
To earn a profit, RaaS providers have four common revenue models that include:
Monthly subscription fees: In this model, ransomware affiliates pay a monthly subscription fee to access the ransomware.
Affiliate programs: This model pays affiliates by commissions after successful cyber attacks.
One-time license fee: In this model, affiliates pay a one-time fee and they are given the ransomware. For every successful attack that results in payment, affiliates keep all the earnings to themselves.
Pure profit sharing: In this model, the affiliates and ransomware developers split the spoils of their cyberattacks amongst themselves under terms they have agreed upon.
How is understanding RaaS relevant to veterinary practice?
For years, veterinary practices have fallen victim to cyberattacks without having the full scope of these attacks. Cybercriminals have also operated behind the curtains and in secrecy, making it hard for practice owners to know the origin of their attackers and their end game.
However, the recent surge in ransomware attacks and the continued popularity of Ransomware as a Service operation, is for the first time, offering veterinary practices a glimpse into the process that goes behind the curtains to launch a successful attack targeting them. Practice owners are now able to look at granular details behind the motive of their attack and from whom it is coming from.
Understanding RaaS attacks on veterinary practices
The next cyber attack on your veterinary practice may not come from a skilled cybercriminal but from a novice RaaS affiliate looking to make a profit from you. This makes sense, considering most attacks are aimed at small and medium veterinary practices that attackers assume are easy to compromise and hence victimize.
In most attacks, RaaS affiliates breach their victims’ computer systems through phishing attacks, a method used to steal sensitive data such as passwords and payment details through seemingly innocuous sources. Emails phishing being the most common and most effective form of phishing, involves presenting an email as legit and directing potential victims to click on a link that seems innocuous to users.
When clicked, the process of cyberattacks begins, which includes downloading payload to their victims’ computer. Once downloaded, the first target of the ransomware is deactivating all security measures that you may have set up, including antimalware/antivirus software and firewalls.
After deactivating all your security measures, the ransomware program can now operate without limits, sending some of your critical documents and files to hackers before encrypting the rest of your data. Finally, it is time to notify you that your system has been compromised and that you need to make the payment, or they either release your data on the dark web or refuse to hand over the decryption key, which can result in the loss of your entire computer system data.
After your veterinary practice is fully compromised, the extortion process begins. There is no predicting what extortion methods may involve since RaaS operators may range from novice to professionals; therefore, you should anticipate the methods to range from cruel to payment-minded.
In case of an attack by any of these RaaS affiliates, the first solution is to contact a security expert to handle the situation. It is not recommended to cave in to cybercriminal ransom demands. Paying them is also an invitation to future attacks, considering Raas cybercriminals are only in it for money.
The truth is we all get tricked at some point, but with the right tools your safe
That’s why Lucca deploys web protection tools to help notify you when that site that looks normal is actually a cyber criminal trying to steal your usernames and passwords. Combine that with our Ransomware specific protection. And you can rest easy that you are protected. Contact us today to see how Lucca can help keep your practice safe!