I used to think hackers only went after "big fish" like MGM or hospitals. But lately, it seems like the local bakery and the 10-person law firm are getting hit. Is this because of "Ransomware-as-a-Service" (RaaS)? Does this mean even low-level criminals can now launch sophisticated attacks for a few hundred dollars? How do we stop an attacker who has nothing to lose?
3 answers
RaaS has completely changed the economics of cybercrime. In late 2023, the barrier to entry dropped to zero. Amateur hackers—called "affiliates"—can rent the encryption tools and the support team from a major gang for a percentage of the ransom. They target SMBs because they know small firms have weaker security and are more likely to pay a $20k ransom just to get their files back. To stop them, you have to be "too expensive" to hack. If your RDP ports are closed, your software is patched, and you have MFA, the RaaS affiliate will move on to an easier target. They are looking for volume, not a challenge.
Melissa, if they are looking for volume, does that mean "Security through Obscurity" (like hiding your server name) actually works against these amateur RaaS hackers?
Offline backups are the only 100% cure. If your backup isn't connected to the network, the ransomware can't reach it. Simple as that.
Danielle, the "3-2-1" rule still reigns supreme. Three copies, two media types, one offline. It’s the ultimate fallback for any RaaS attack.
Steven, not really. These guys use automated bots that scan the entire internet for "low-hanging fruit." They don't search for your company name; they search for "Open Port 3389" or "Outdated WordPress." Hiding your name doesn't matter if your IP address is broadcasting a vulnerability. The best defense is to be "hard to crack" at the perimeter. Use a firewall, disable unused services, and keep everything updated. If the automated scan finds a "locked door," the bot usually just moves to the next IP address in its list.