Ransomware-as-a-Service: When hackers dial up their customer service

PurpleJelly IT Support against Ransomware attacks

Last week, during our morning tech briefing (two digestives and a pot of Yorkshire’s finest), we found ourselves discussing a troubling trend that’s quietly reshaping the criminal underworld: Ransomware-as-a-Service.

While we’ve been tracking this development for months, we realised many businesses, and business owners, haven’t heard a whisper about it yet – and that’s precisely what makes it so dangerous.

Gone are the days when launching a ransomware attack required coding expertise and technical know-how. Today’s digital criminals have taken a page from legitimate business practices, creating a ready-made criminal enterprise anyone can buy into. It’s the dark web equivalent of a franchise model – but instead of paying for a trusted brand name and business plan to sell coffee and paninis, these franchisees are purchasing the tools to hold your business data hostage. No technical skills required, satisfaction practically guaranteed (for the criminal, not the victim).

The hacking franchise is open for business

So how exactly does this criminal franchise work? The developers (we might call them criminal HQ) craft the ransomware software, set up payment systems, and – if you can believe it – offer technical support. Yes, these cybercriminals will actually help their “affiliates” if the ransomware doesn’t encrypt files properly. They’ve got customer service standards to maintain, after all!

Meanwhile, the affiliates (franchise owners) focus on getting the ransomware onto victims’ computers through dodgy email attachments, compromised websites, or by exploiting security gaps in outdated software. When they succeed, the ransom payments get split, with affiliates typically pocketing 60-80% of the take. The rest goes back to headquarters.

Once inside your system, the ransomware scrambles your files using encryption that would take supercomputers thousands of years to crack. Then comes the ransom note – pay up (usually in cryptocurrency) or kiss your data goodbye. It’s the digital version of changing every lock in your building and then charging you for the new keys.

Some of these criminal operations have become so established they’ve developed their own twisted version of brand recognition. They’ve got logos, websites, and affiliate programs with performance bonuses for the most “successful” attackers. They’re taking notes from proper business textbooks, with the unfortunate twist that their business happens to be extortion.

Small fish make tastier targets

“But surely they’re after the big companies with deep pockets?” That’s what nearly every small business owner asks us about cybercriminals and hacking – right before we explain why they’re actually perfect targets.

Small and medium businesses often fly under the radar when it comes to security – thinking they’re too insignificant to attract attention. It’s rather like assuming burglars only target mansions, while leaving your own front door unlocked. The reality? Criminal franchisees love a soft target with minimal security.

Smaller companies typically lack dedicated IT security staff and advanced protection systems. Your average corner shop might have a basic alarm and CCTV, while Harrods has a small army of security guards and state-of-the-art surveillance. The digital equivalent? Most small businesses have standard antivirus and perhaps a firewall, while larger enterprises employ specialist security teams, advanced threat detection, and multiple layers of protection.

The clincher, though, is downtime tolerance. When your systems go down, the clock starts ticking on potential bankruptcy. For many small firms, even a few days offline spells disaster. Faced with this harsh reality, paying the ransom sometimes feels like the only option, which is exactly what these criminals bank on.

Spotting the digital thieves eyeing your business

Before ransomware fully locks up your systems, there are often some tell-tale signs, like spotting a suspicious character testing your door handles before a break-in.
Your network might show unusual activity patterns: files being accessed at odd hours, or large amounts of data suddenly moving about. Computers might begin running slower than a Sunday driver on country roads. Your antivirus might flag warnings before being suspiciously silenced.

The most common entry point remains email. Gone are the days of obvious scams with glaring typos from princes needing help moving millions. Modern phishing emails might look identical to ones from your bank, suppliers, or even colleagues. We recently helped a client who’d received what looked like an ordinary invoice email. The only giveaway? The sender’s email address had one tiny character difference from the legitimate supplier – a detail easy to miss when quickly clearing an inbox on a busy Monday morning.

Fitting better locks to your digital doors

Staying safe from these franchise criminals takes a layered approach – no single solution will do the trick. Those pesky system updates you keep postponing? They’re actually digital patch jobs for security holes. Skipping them is like noticing your back door lock is faulty but deciding it can wait until after the holiday season. We recommend setting automatic updates for overnight hours; that way, the computers handle the boring bits while you’re enjoying your evening pint.

Your staff need to become security-savvy too. A quick “Is this legit?” check before clicking links or opening attachments saves countless headaches. We once worked with a local accountancy firm where everyone – from partners to the reception team – had a simple rule: any email asking for urgent action got an actual phone call to verify first. Old-fashioned? Perhaps. Effective? Absolutely.

Multi-factor authentication adds another security hurdle criminals must clear. Even if they nick your password, they still need that code from your phone. It’s like having both a Yale lock and a deadbolt – pick one, and you’re still standing outside.

Proper backups are your get-out-of-jail-free card. Test them regularly. We’ve seen too many businesses discover their backups weren’t working just when they needed them most. And keep backups disconnected from your main systems. A backup that gets encrypted along with everything else is about as useful as a chocolate teapot.
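One way to make "test them regularly" concrete is to record a checksum manifest at backup time and compare a trial restore against it. This is an added example, not part of the original article; the directory layout and file contents in `demo()` are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a trial restore with the manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "corrupt": sorted(name for name in manifest
                          if name in restored and restored[name] != manifest[name]),
        "unexpected": sorted(set(restored) - set(manifest)),
    }


def demo() -> dict:
    """Constructed sample: a restore with one truncated, one missing and one extra file."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for root in (live, restored):
            (root / "accounts").mkdir(parents=True)
        (live / "accounts" / "ledger.csv").write_text("id,amount\n1,250\n")
        (live / "accounts" / "invoices.csv").write_text("id,total\n7,99\n")
        (live / "notes.txt").write_text("quarterly review\n")
        manifest = build_manifest(live)  # taken when the backup is made

        # Simulated trial restore: ledger intact, invoices truncated, notes absent.
        (restored / "accounts" / "ledger.csv").write_text("id,amount\n1,250\n")
        (restored / "accounts" / "invoices.csv").write_text("id,total\n")
        (restored / "README_RESTORE.txt").write_text("not part of the backup set\n")
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print(demo())
```

An empty result in all three lists is the pass condition; store the manifest away from the systems being backed up so it cannot be altered along with them.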

Breaking your network into segments limits damage if the worst happens. It’s similar to how fire doors in a building don’t prevent fires, but they stop the flames spreading everywhere. If your sales department gets hit, your production systems might stay safe behind their digital fire doors.

Fighting back after the digital break-in

Despite your best efforts, sometimes these digital burglars still find a way in. What then? First, pull the plug – disconnect infected machines from your network immediately. Yes, it’s disruptive, but it’s like isolating a fire before it jumps to the next building.

Ring up the proper authorities. In the UK, that means Action Fraud and possibly the Information Commissioner’s Office if customer data’s at risk. They won’t send a cyber SWAT team to your rescue, but their guidance helps, and your report contributes to the bigger picture of tracking these criminals.

Now comes the million-pound question: pay up or stand firm? Nearly every security expert (ourselves included) advises against paying. Payment doesn’t guarantee recovery – we’ve seen cases where decryption keys didn’t work properly or only unlocked some files. It also marks you as a willing payer, putting a target on your back for future attacks. And fundamentally, it funds more criminal activity.

Instead, wipe infected systems clean and restore from your (hopefully recent and tested) backups. It might take longer, but it’s more reliable and doesn’t line criminals’ pockets. After you’re back up and running, figure out how they got in and plug that hole for good. If a burglar got in through an unlocked window, you wouldn’t just replace the stolen items; you’d fix the window and check all your other locks too.

Make your business a tough nut to crack

This ransomware franchise model has brought sophisticated attacks within reach of virtually any would-be cybercriminal. For smaller businesses, that means the threat isn’t just from expert hackers anymore; it’s from a much wider pool of digital miscreants with access to ready-made criminal tools.

But with sensible security measures, such as regular updates, staff training, multi-factor authentication, tested backups, and network segmentation, you’ll make your business a significantly harder target. And when criminals face a choice between an easy mark and a tough nut to crack, they typically move on to easier prey.

We’ve advised lots of clients on both prevention steps and, unfortunately, recovery efforts. The contrast is stark. Those who invested in prevention typically suffered minor hiccups, while those caught unprepared often faced existential threats to their entire operation.

Don’t wait until you’re staring at a ransom note to take this seriously. In cyber security, prevention costs pennies compared to the pounds (or more likely, thousands of pounds) required for cure. With these criminal franchises actively looking for their next target, make sure your business isn’t the easiest one on the block to break into. After all, you wouldn’t leave your office unlocked overnight with the cash register open – so why leave your digital assets any less protected?

So, before you end up on a first-name basis with a hacker’s customer service rep, give us a call on 01252 856 230 or you can email us. We’d much rather prevent your ransomware emergency than help you recover from one, though we’re rather good at both.


PurpleJelly Intelligent IT Solutions
Unit 11,
The Enterprise Centre,
Coxbridge Business Park,
Alton Road,
Farnham,
Surrey
GU10 5EH
