Exploring the reasons for ransomware's rise over the past decade as well as measures necessary to start investing in a more secure future.
A new report by John Sakellariadis for the Atlantic Council takes a deeper dive into the rise of ransomware over the past decade and is worth reading by managers looking to understand this marketplace.
The report makes three main points about this question, which we'll break down in detail.
Ransomware cybercriminal gangs and markets have made adjustments to their original ransom demands and found a near limitless demand for targeted ransomware, enabling them to up their extortion demands. They were also helped by more effective ways to deliver their payloads, encrypt data, receive payments, and pressure victims. In 2020, the last year analyzed, many of the top criminal groups earned more than $10M in payouts, and one (REvil) earned $100M. The report walks through these developments and how the gangs got better at what they did and reaped the rewards.
For example, REvil advertised that they were investing $1M to recruit new hackers, and the group behind Conti ransomware employs more than 70 people on its payroll, which of course is delivered via cryptocurrency. Others have become more full-service vendors, renting out their botnets and creating affiliate programs to expand their reach.
Further reading: Changes the ransomware landscape
Ransomware groups have also quickly embraced the “double extortion” method of demanding a second payout otherwise the stolen data would be leaked to the dark web.
The report mentions several factors: a large number of victims with sub-par security, the lack of any real enforcement in the cryptocurrency space, the difficulty in identifying the specific actors, and the legal patchwork that has enabled these criminals to operate without any real threat across international boundaries.
“Overall, the global nature of the money laundering networks that support cryptocurrency cash-out schemes inhibit the federal government from enforcing effective regulatory regimes cheaply or quickly,” the report states.
And as long as effective cybersecurity efforts remain costly and require continually investments in both staff and protective processes, the criminals will continue to seek out and exploit these softer targets. “Too often, small- to medium-sized organizations must choose between security or affordability,” says the report.
The report calls for implementing three policies:
Quoting from the report itself, “It is imperative that policymakers measure success against targeted ransomware in terms of the overall volume of ransomware payments, not just the absence of attacks on high-risk entities. It is time to start investing in a more secure future.”
To prevent being targeted by ransomware, both individuals and business should keep the following best practices in mind:
AI technology really has advanced to the point that it’s now at a pivotal point – and it’s only continuing to gain momentum.
Cryptocurrencies have now been around for over a decade. Along with their increasing popularity, there has also been a rise in the use of cryptocurrencies for cybercrime.