Ransomware is on the rise again, and dramatically so. Reports on the increases year on year vary: Group-IB’s analysis of more than 500 attacks during their own incident response engagements estimated that increase to be 150% in 2020. Blockchain research firm Chainalysis found a 311% increase, year on year, to the end of 2020 in the number of actual ransomware attacks. Whatever the real figure is, it is a problem that is growing, and businesses and organizations of all shapes and sizes, public and private, are feeling it.
There are many reasons why ransomware is on the rise, and to say it is just down to COVID-19 and bored people working from home clicking on anything that looks interesting simply doesn’t do justice to the real situation.
Of course, the pandemic, subsequent lockdowns and promises of a vaccine have all contributed to the problem, but none of these explain the “commoditization” of ransomware as a threat.
Why Are Ransomware Attacks Increasingly Common?
According to PwC (and, it has to be said, a little common sense), there are three key reasons behind the increase:
- Barriers to entry are dropping. Ransomware-as-a-Service is becoming more popular, permitting relatively unskilled bad actors to access complex tools and the environment from which to run their campaigns. There are also, in a most enterprising fashion, affiliate and channel partner schemes being run. Operators such as Sodinokibi/REvil, NetWalker and Nefilim all provide access to partners in pre-agreed profit-sharing arrangements.
- Ransomware activities are scalable. A consequence of the dropping of barriers to entry is that ransomware activities are now more efficient and therefore scalable. The rise of RaaS has meant ransomware activities that were beyond the capabilities of certain bad actors are now inherently accessible, and vitally, profitable.
- Existing bad actors are professionalising. There has been an apparent surge of investment in many of the platforms themselves, upgrading their core ransomware systems in an effort to stay ahead of the game and evade detection.
The Changing Nature of Ransomware…and Ransomware Operators
There are other elements to consider too. The recent FatFace breach exposed the bargaining tactics of both the attacker and victim, with the ransom being urgently negotiated down from $8M to $2M USD. Interestingly, the initial figure was determined by the attackers as they had identified that FatFace has cyber insurance to the tune of £7.5M GBP.
How did they unearth this figure? In what may be described as a multi-channel attack, and possible evidence of honour among thieves, a different ransomware gang stated that they now target firms who they know have cyber insurance, followed shortly after by a possibly (although not confirmed) connected attack on a major seller of… you guessed it… cyber insurance!
A final element to consider is quite how weaponised ransomware has become. Back in 1989, when the first example of ransomware was released, the AIDS/COP Trojan, the creator asked for $189 to be sent to a PO box in Panama. When caught, he was found to be unfit to stand trial but was determined that all of the money gained be donated to AIDS research (Dr Joseph Popp was also a Harvard trained anthropologist, consultant for the WHO and worked with the Flying Doctors in Africa). Such magnanimous statements and professional activities are unlikely to be carried out by today’s career criminals!
Another change from early ransomware to today is that nothing is off the table when it comes to extracting money. We saw the negotiation tactics above bring to bear insider knowledge, but criminals also threaten to release the stolen data if a payment isn’t made (and often will anyway), and publicly announce the breach in order to shame the company into paying.
If that isn’t bad enough, a Finnish healthcare provider that suffered a ransomware attack had their patients contacted by the criminals and threatened with the disclosure of their highly private health records unless they also paid a ransom.
Criminals today will use every last ounce of leverage that they have over their victims to maximise profits and return on investment. In fact, they will use financial and emotional triggers to ensure that the victim feels they have little choice but to pay, and pay quickly. This form of insidious behaviour means a ransomware attack can leave someone not only financially vulnerable but emotionally vulnerable too, leading to all sorts of long term damage to individuals and institutions alike.
With all of this, it is safe to say that today’s ransomware is nothing like the ransomware of the past. The ransomware of today has moved from playful to malevolent, fundraising to commercial, and worrying to insidious. With criminals thinking strategically, commercially and above all being highly motivated, there doesn’t appear to be any respite from the sheer volume of ransomware threats out there for us to have to deal with.
If you would like to learn more about how SentinelOne can help protect your organization against ransomware attacks, contact us today or request a free demo.