By BUFFERZONE Team, 7/06/2021
RaaS: The New Economics of Ransomware
The following is an excerpt from the full article.
Ransomware is no longer just about the individual hacker. A recent economic model, patterned after the marketing world, is fueling sophisticated ransomware campaigns. Ransomware-as-a-Service is not only increasing the incidence and variety of ransomware attacks but also making them harder to detect and defend against.
What is Ransomware-as-a-Service?
A ‘successful’ ransomware attack requires many components: beyond the software itself, which encrypts targets’ files and demands a ransom, a mechanism must be set up to receive payments, the ransomware needs to be packaged for delivery to target computers, and an exploit or social engineering campaign needs to be designed and implemented, often tailored with targets’ personal information for greater authenticity (spear phishing).
Ransomware-as-a-service (RaaS) separates some of these components: a service provider provides the ransomware itself, with customization options, as a web service on the dark web. This enables individual attackers to create their own distribution and delivery campaigns for the provided software payload. Revenue – that is, the ransoms – is divided between the ransomware provider and the distributor.
The June update to BUFFERZONE 7.0 introduces many new features:
- Endpoint MFA: As an added-value feature of the BUFFERZONE agent, you can now replace Windows authentication on agent endpoints with two-factor authentication (MFA / 2FA) from your organizational provider (currently supported: Azure Active Directory).
- Learn mode: For BUFFERZONE policy planning and troubleshooting, you can now allow users to suspend virtual repository protection, tamper protection and network separation. While suspended, these protections only log events and do not actually block.
- Safe Mail bridge UI: When Safe Mail disarms an attachment, the Bridge UI is now displayed, as it is for other disarming operations.
- Log archive: Upon clicking Clear logs in the agent UI, the agent now first archives logs to c:\program files (x86)\bufferzone\report.zip.
- Auto-update improvements: You can now schedule the time for endpoint agents to automatically update. The agent UI also provides update availability indicators and enables users to initiate the update.
- Tamper protection read-only logs: New event IDs for tamper protection denying write access upon registry key creation or access.
- Network transport inbound logs: New event ID for events pertaining to inbound UDP and ICMP data.
BUFFERZONE is available in two editions:
- Standalone: The BUFFERZONE Standalone edition places control in the user’s hands. The user has control over browser containment and other features in the BUFFERZONE agent UI.
Depending on license, the Standalone edition can include Safe Browsing, Safe Mail, and Safe Removables.
- Enterprise: The BUFFERZONE Enterprise edition enables centralized organizational deployment and policy management, for a wide range of BUFFERZONE features according to license, from the BUFFERZONE Management Server (BZMS).