In a study by cybersecurity solutions company Kaspersky, ransomware remains the most dominant Malware-as-a-Service (MaaS) used by cybercriminals over the past seven years.
From the 97 malware families distributed on the dark web and other resources, Kaspersky found that 58% are ransomware distributed under the MaaS model between 2015 and 2022. Ransomware can easily raise profits from the victims especially when organizations fail to back up their data. Like other malware, ransomware encrypts stolen data, and perpetrators demand payment to decrypt it.
Kaspersky researchers also found that cybercriminals often lease infostealers (which accounted for 24% of malware families), botnets, loaders, and backdoors to carry out their attacks. They pay something around $100-$300 and and $4,900 for botnets with options of per-month or annual payments.
Kaspersky uncovers new mobile APT campaign vs iOS devices
Kaspersky: Malware downloader installs crypto-stealing browser extension
Another factor that ransomware is the most popular malware is that it is free.
Protect your organization
“Once cybercriminals become partners in the program, they pay for the service after the attack happens,” Kaspersky explained in its report. “The payment amount is determined by a percentage of the ransom paid by the victim, typically ranging from 10% to 40% of each transaction.”
But like any “business deal,” the transaction requires stringent qualifications.
To protect your organization from related threats, Kaspersky experts recommend:
- Always keep software updated on all the devices you use to prevent attackers from infiltrating your network by exploiting vulnerabilities. Install patches for new vulnerabilities as soon as possible. Once it is downloaded, threat actors can no longer abuse the vulnerability.
- Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors.
- Use Kaspersky Digital Footprint Intelligence to help security analysts explore an adversary’s view of their company resources, promptly discover the potential attack vectors available to them. This also helps raise awareness about existing threats from cybercriminals in order to adjust your defenses accordingly or take counter and elimination measures timely.
- If you are faced with an incident, Kaspersky Incident Response service will help you respond and minimize the consequences, in particular they can identify compromised nodes and protect the infrastructure from similar attacks in the future.