How to Prevent Ransomware as a Service (RaaS) Attacks

Connections between other ransomware and APT groups have been noted. MalwareHunterTeam tweeted many similarities between Black Basta and Conti, while Trend Micro Research found correlations between Black Basta and QakBot.

SolidBit

Trend Micro Research analyzed a sample of a new SolidBit ransomware variant targeting users of popular video games and social media platforms. It’s been disguised as different applications, include a League of Legends account checker tool, and an Instagram follower bot, to lure in victims. The malicious actors behind the malware variant have also posted a job advertisement on an underground forum in June 2022 to recruit potential affiliates for their ransomware as a service activities. Affiliates stand to gain 80% of the ransomware payment as a commission.

How to prevent ransomware attacks

Ransomware remains, and always will be, a threat against businesses of all sizes. Organizations can no long take a reactive approach to cybersecurity. As ransom demands increase significantly, cyber insurance carriers have mandated strict anti-ransomware security controls for organizations applying for or renewing coverage. Consider these 5 security practices to prevent ransomware attacks:

5 steps to defend against ransomware

1. Leverage cybersecurity frameworks from the Center of Internet Security (CIS) and the National Institute of Standards and Technology (NIST) for thorough guidance on prioritization and resource management, as well as filling any gaps that could be exposed by attackers.

2. Leverage a unified cybersecurity platform to remove lack of visibility and security gaps caused by disparate point products. Choose a platform that continuously monitors the entire attack surface for early signs of an attack and using advanced detection techniques such as AI-powered technologies, machine learning, and XDR.

3. Follow a zero trust approach to network security by implementing Zero Trust Network Access (ZTNA) technology. ZTNA protects the network by validating access at a point-in-time by checking that patches are installed, the app is domain-connected, etc and authenticating the user’s identity via multifactor authentication (MFA). It will also continuously monitor the user and device for risky behavior and terminate access if detected.

4. Regularly back up your files: Practice the 3-2-1 rule by creating three backups in two different formats with on stored offsite.

5. Train and test your defense strategy by cultivating a security-aware culture. This includes developing and conducting regular security skills assessment and training, as well as red team exercises and penetration tests.

Next steps

To continue improving your attack surface management against RaaS operators, check out the following resources: