How to Prevent Ransomware as a Service (RaaS) Attacks

Connections between other ransomware and APT groups have been identified. MalwareHunterTeam tweeted about many similarities between Black Basta and Conti, while Trend Micro Research found correlations between Black Basta and QakBot.

SolidBit

Trend Micro Research analyzed a sample of a new SolidBit ransomware variant targeting users of popular video games and social media platforms. To lure victims, it was disguised as various applications, including a League of Legends account verification tool and an Instagram followers bot. The malicious actors behind the malware variant also posted a job ad on an underground forum in June 2022 to recruit potential partners for their ransomware-as-a-service activities. Affiliates receive 80% of the ransomware payment as commission.

How to prevent ransomware attacks

Ransomware is and always will be a threat to businesses of all sizes. Businesses can no longer take a reactive approach to cybersecurity. With ransom demands increasing significantly, cyber insurance companies have mandated strict anti-ransomware security checks for companies requesting or renewing coverage. Follow these 5 security practices to prevent ransomware attacks:

5 steps to protect against ransomware

1. Leverage cybersecurity frameworks from the Center for Internet Security (CIS) and the National Institute of Standards and Technology (NIST) for thorough guidance on prioritization and resource management, as well as filling in gaps attackers might uncover.

2. Leverage a unified cybersecurity platform. Eliminate the lack of visibility and the security vulnerabilities caused by disparate point products. Choose a platform that continuously monitors the entire attack surface for early signs of an attack, using advanced detection techniques such as AI-powered technologies, machine learning, and XDR.

3. Follow a Zero Trust approach to network security by implementing Zero Trust Network Access (ZTNA) technology. ZTNA protects the network by validating access at a given point in time: it checks whether patches are installed, whether the app is connected to a domain, etc., and authenticates the user’s identity via multi-factor authentication (MFA). It also continuously monitors the user and device for risky behavior and terminates access if such behavior is detected.

4. Back up your files regularly: Practice the 3-2-1 rule by making three backups in two different formats and storing them offsite.

5. Train and test your defense strategy by cultivating a security-conscious culture. This includes developing and conducting regular security competency assessments and training, as well as red team drills and penetration testing.
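
The access check described in step 3, sketched as an added example (not code from the original article or from any ZTNA product): a deny-by-default policy decision that evaluates patch state, domain membership and MFA at connection time, then re-evaluates live sessions and terminates them when monitoring raises the risk score. All names, the 8-hour MFA age limit and the risk threshold of 70 are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

MFA_MAX_AGE_S = 8 * 3600   # assumed policy: MFA must be newer than 8 hours
RISK_THRESHOLD = 70        # assumed policy: terminate at or above this score

@dataclass
class Context:
    user: str
    mfa_verified_at: Optional[float]  # epoch seconds of last successful MFA
    patches_current: bool
    domain_joined: bool
    risk_score: int = 0               # fed by user/device behavior monitoring

def evaluate(ctx, now):
    """Return (allowed, reasons). Deny by default: every check must pass."""
    reasons = []
    if not ctx.patches_current:
        reasons.append("device missing required patches")
    if not ctx.domain_joined:
        reasons.append("device not joined to the domain")
    if ctx.mfa_verified_at is None:
        reasons.append("no MFA on record")
    elif now - ctx.mfa_verified_at > MFA_MAX_AGE_S:
        reasons.append("MFA too old")
    if ctx.risk_score >= RISK_THRESHOLD:
        reasons.append("risky behavior detected")
    return (not reasons, reasons)

class Broker:
    """Holds live sessions and re-checks them whenever context may have changed."""
    def __init__(self):
        self.sessions = {}

    def connect(self, session_id, ctx, now):
        allowed, reasons = evaluate(ctx, now)
        if allowed:
            self.sessions[session_id] = ctx
        return allowed, reasons

    def reevaluate(self, now):
        """Terminate every session that no longer satisfies the policy."""
        terminated = {}
        for sid, ctx in list(self.sessions.items()):
            allowed, reasons = evaluate(ctx, now)
            if not allowed:
                del self.sessions[sid]
                terminated[sid] = reasons
        return terminated
```

Calling reevaluate on a timer or on every monitoring event is what separates this from a one-time login check: a session that was valid when it connected is dropped once its MFA ages out or its risk score crosses the threshold.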

Next Steps

Check out the following resources to further improve your attack surface management against RaaS operators:
