Microsoft sounds the alarm over dangerously simple ransomware kits

Ransomware-as-a-service is a growing problem

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The rise ofransomware-as-a-service (RaaS) has lowered the barrier to entry substantially for new cybercriminal groups,Microsofthas warned.

In the second edition of itsCyber Signals report, Microsoft unpicks the dynamics of the RaaS market, which as well as easing the entry for new players serves to hide those responsible for initial access brokering, infrastructure and ransoming.

“Because RaaS actors sell their expertise to anyone willing to pay, budding cybercriminals without the technical prowess required to use backdoors or invent their own tools can simply access a victim by using ready-made penetration testing and system administrator applications to perform attacks,” the company explained.

Clarity and prioritization

The situation is only going to get worse, Microsoft said, citing data from the FBI, ENISA, and others. Apparently, the FBI’s 2021 Internet Crime Report found the total cost of cybercrime in the country exceeds $6.9 billion, while ENISA (European Union Agency for Cybersecurity) reported 10TB of data stolen byransomwareoperators each month, between May 2021 and June 2022.

To tackle this growing problem, businesses need more clarity and improved prioritization, and need to get better at sharing valuable information with their peers, both in the private and public sectors. “Security is a team sport,” Microsoft wrote.

Ransomware is more of a threat to businesses than ever before>Ransomware payments are falling as victims refuse to pay up>Here’s our take on the best DDoS protection right now

Businesses also need to set up “basic defenses”, such as multi-factor authentication (MFA), the company further states.

“While many organizations consider it too costly to implement enhanced security protocols, security hardening actually saves money. Not only will your systems become more secure, but your organization will spend less on security costs and less time responding to threats, leaving more time to focus on incoming incidents.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

For RaaS to be successful, there needs to be a ransomware developer and operator, affiliate partners to deploy it, and initial access brokers to provide the initial access viamalware.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Your doctor may have an AI assistant taking notes during your next Zoom call