February 2023 - Ophtek

What is Ransomware as a Service?

Ophtek, Phishing, Ransomware, Security, Suspicious links, UpdatesOphtek, phishing, ransomware, security, suspicious links, updatesOphtek, LLC

Feb 2023

There’s a lot of money to be made in hacking and threat actors are now turning it into a business with Ransomware as a Service (RaaS).

Ransomware, of course, is well known to anyone who steps online in the digital age. With the ability to encrypt your data and demand a ransom fee, it has not only generated headlines, but also caused significant headaches for business owners. And, with ransomware attacks increasing by 41% in 2022, it’s a strategy which is showing no signs of slowing up. Therefore, not only do you need to be aware of ransomware, but you also need to keep up with associated developments such as RaaS.

As RaaS has the potential to create attacks which are both wider ranging and easier than before, it’s crucial you understand how it operates

The Basics of Ransomware as a Service

We’re all aware of what ransomware is, but what is RaaS? After all, surely ransomware is the opposite of a service? Unfortunately, for PC owners, ransomware software and attacks are now available for hire in the form of RaaS. Similar to Software as a Service (Saas) – examples of which include Gmail and Netflix – RaaS allows threat actors to harness the power of hacking tools without having to design them. If, for example, a threat actor doesn’t have the time (or skills) to build a ransomware tool, what do they do? They purchase one.

Typically, RaaS kits are found on the dark web, so don’t expect to find them taking up space on Amazon. Depending on the sophistication of the RaaS, the cost of purchasing them can range between $30 – $5,000. Threat actors looking to purchase RaaS are also presented with several different purchasing options such as one-time fees, subscription tiers or even affiliate models. It’s estimated that over $10 billion exchanges hands each year – mostly in cryptocurrency – for RaaS kits.

Examples of RaaS include Black Basta, LockBit and DarkSide, with more available for those looking to unleash ransomware easily and quickly. These RaaS kits are also much more than just hacking software, they also offer user forums and dedicated support teams to help customers get the most out of their ransomware. Again, this is very similar to the way in which successful SaaS developers provide extra value for their product. However, whereas SaaS is provided by legitimate developers, RaaS tends to be created by criminal gangs with the sole intent of generating illegal funds.

Staying Safe from Ransomware as a Service

The end result of an RaaS attack is the same as a standard ransomware attack, so there’s nothing specific you need to do if an attack comes through RaaS. Instead, you just need to stick to good old fashioned ransomware security practices:

Update your software: if a vulnerability is present within your software, then there’s a risk this could be exploited, and ransomware given full access to your data. To counter this, make sure that you have automatic updates approved on your PC to keep it as secure as possible.
Don’t click suspicious links: you should only ever click a link if you know exactly what you are clicking on and where it will take you. Always hover your mouse cursor over a link to reveal its true destination. All it takes is for one malicious click to be activated to launch a ransomware attack.
Always back up your data: falling victim to a ransomware attack only means your data is lost if you haven’t backed it up. Therefore, save yourself a financial headache by making sure multiple backups are in place to minimize any data loss.

For more ways to secure and optimize your business technology, contact your local IT professionals.

LastPass Hit by Security Incident

Hackers, LastPass, Ophtek, password manager, Password Security, Security, strong passwordshackers, LastPass, Ophtek, password manager, security, vulnerabilityOphtek, LLC

Feb 2023

What exactly happened when LastPass, a password manager service, found itself at the center of a data breach? And what does this mean for your passwords?

Password managers provide a convenient service , one where complex passwords can be generated instantly and then, going forward, auto-fills when requested. LastPass is a successful example of what a password manager can do, but it’s a role which comes with great responsibility. Login credentials, after all, are often the difference between gaining access and being denied access to a user account. Therefore, password managers need to be sure the credentials they hold are highly secure.

However, as LastPass users are now finding out, password managers are highly tempting to threat actors, and far from 100% secure.

How LastPass was Hacked

Used by millions of users all over the world, LastPass has established itself as one of the leading password managers. Unfortunately, this credibility has been rocked by revelations that the service’s encrypted password vaults have been stolen by hackers. The attack – which took place in August 2022 – was ambitious, and its success even more so.

LastPass’ backup copies of their users’ password vaults were stored, apparently securely, on a third-party cloud storage platform. This, in itself, is nothing unusual; storing backup copies of secure data in remote locations is good practice. Nonetheless, once third parties become involved in storing your data, you relinquish control of this data’s security. And this is exactly where LastPass has fallen victim to threat actors.

While the mechanics of the breach remain under wraps, LastPass has had to admit that personal identifiers – including addresses, phone numbers, credit card details and IP addresses – are among the stolen data. The password vaults – which are encrypted – have also been stolen, so this means the threat actors are closer to knowing your password. And, given they now have access to your personal identifiers, it makes brute force attacks easier.

What to Do if You’re a LastPass User

LastPass has been keen to stress that, although stolen, the password vaults are secure due to the encryption protecting them. However, these encrypted passwords are now in the hands of an unauthorized party and means they are seriously compromised. Therefore, it’s crucial all LastPass users take the following decisive actions:

Change your LastPass password: your master password will be the password used to access the LastPass service, and this needs to be changed immediately. Any data breach means access has been compromised, so changing your master password is the first step to take. With your master password changed, you will instantly be reducing the risk of your passwords falling into the wrong hands.

Change all your stored passwords: the passwords stolen from LastPass are encrypted, but it makes bad sense to rely on this. Accordingly, we would recommend going through all your passwords on LastPass and changing them to new ones. With this completed, the details within the stolen password vaults will become redundant.

Make sure your LastPass password is not recycled: following a data breach, it’s always good practice to make sure your master password isn’t used on other platforms. For example, a threat actor may take your login details for LastPass and use a bot to automatically try them in thousands of different other platforms. As such, if you recycle your login credentials across platforms, you run the risk of these being compromised too.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Monthly Archives: February 2023