Latin America. Oswaldo Palacios of Guardicore commented that RaaS, the sale of ransomware to people without great technical knowledge, is a service offered by cybercrime groups such as Conti and is booming in Colombia, Mexico and Brazil.
This service, better known as RaaS and which gives the buyer the possibility of attacking a specific object, has increased its offer in the Latin American region due to the appearance of new groups that offer these services through the Dark Web and Deep Web.
According to Akamai's 2022 ransomware threat report, such ransomware-as-a-service groups have taken on similar operating structures to companies looking to extort, so they have practices like customer service and new employee training.
Oswaldo Palacios, senior account executive at Guardicore, estimated that a greater number of ransomware attacks carried out in 2021 were via RaaS due to its accessibility.
According to the expert, in the RaaS model "a hacker or group of hackers develop a ransomware and put it on sale on the Dark Web and Deep Web, so that anyone, without the need to have great technical knowledge, can buy it and use it to carry out sophisticated attacks against companies or public institutions in a relatively simple way"
Oswaldo explained that previously a large-scale attack operation required cybercriminals to be qualified hackers, however, now thanks to x-as-a-service models this is no longer necessary. According to their considerations, the RaaS model benefits malware developers because it allows them to focus on improving their ransomware while their affiliates focus on distribution, a highly lucrative exercise.
However, since ransomware-as-a-service groups operate similarly to software development companies, they sell or rent compact, easy-to-deploy malware kits, they even offer support services to emerging cybercriminals, thus reducing the barrier to entry, as well as accelerating the introduction and spread of attacks.
Moreover, the Akamai study reveals that Conti is one of the most lethal groups generating RaaS variants from Russia. But competition among RaaS suppliers has also increased and the emergence of new groups has been detected.
"Although there is no way to know the exact location of these cybercriminals, there are tools and methodologies to mask the location and be able to attack any target from a country other than the location of the criminals. Location is presumed due to attacked companies, language and ransom messages. On some occasions the Cyber Police have managed to track the connections or attack centers, with Colombia, Mexico and Brazil being the countries with the highest cybercriminal activity in Latin America," Palacios said.
Similarly, the Akamai report highlights that it is not surprising that Conti's attacks target specific regions. In addition, the cybercrime organization has revealed that they have several departments in charge of administration, finance and human resources, along with a classic organizational hierarchy with team leaders who depend on senior management.
How RaaS works
This service operates mostly through four ways: (1) paying a monthly subscription in exchange for using the ransomware; (2) through affiliate programs, where in addition to the monthly fee a commission is also paid from the benefits of the ransom; (3) by means of a single-use license without commission; (4) or through commissions, i.e. there is no monthly or entry fee, but the developers of the ransomware take a commission for each successful attack and ransom received.
Despite this, organizations can implement strategies to mitigate the impact of potential ransomware attacks. While it is not always possible to prevent a ransomware attack from occurring, entities can improve their ability to respond to these incidents and minimize the damage caused.
Micro-segmented data center effective prevention
Having a micro-segmented data center is relevant to protect digital assets and one of the most efficient ways to maintain a safe and smooth operation.
Oswaldo Palacios, explained that a micro-segmented data center works by authorizing communications and access in a granular way, this means "at the process level", so there would be no way in which an attacker can access important data. He even confirmed that "if the attack comes from within the organization, it cannot spread and is easily located, so we are facing a disruptive tool from the point of view of cybersecurity."
