A Deep Dive into the Evolution of Ransomware Part 3
This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends.
Ransomware is an ever-growing problem that has wreaked havoc across a multitude of industries, with astronomical ransom demands leaving businesses and infrastructure feeling powerless. From major hospitals to enterprises - no sector was immune from the impact of ransomware's widespread infiltration in recent years.
In part two, we discussed what triggers threat actors to change their business models. We also talked about what ransomware looks like through the lens of evolution. In the last installment of this series, we’ll look at what ransomware will look like when it goes through a revolution.
Ransomware revolution
Cryptocurrency-based crime boomed in 2021, with illicit activity estimated to be worth at least $14 billion in Chainalysis's 2022 crime report. Ransomware remains a profitable endeavour for criminal actors, but stealing cryptocurrency and fraud involving it are even more lucrative pursuits.
As cryptocurrency becomes more and more common, particularly among younger internet users, it poses an attractive target for cybercriminals. Profiting from ransomware may no longer be the only option; increasing numbers of malicious actors are beginning to switch to stealing cryptocurrencies directly through malware or phishing campaigns in hopes of a bigger payout.
With ransomware actors increasingly targeting large companies, governments may recognize their potential and offer them recruitment opportunities rather than prosecution. Geopolitical events might even force ransomware actors to start working for the government.
In the past, malicious hackers have been transformed into ethical hackers as corporations and nations leverage these skills for security purposes.
While ransomware arrestees are unlikely to face an offensive-oriented agreement in most countries, there may be rare exceptions where a hacker is recruited, and their sentence shortened for working on behalf of the government. This arrangement could provide access to specific political targets while still leaving some room for criminal activity if state salaries fail to compete with larger payoffs from cybercrime.
Cybercrime is a continually developing field that has recently received increased attention from researchers seeking to understand its roots and implications.
While it seems clear the organized crime world has incorporated digital tech into its operations, the evidence does not suggest cybercrime organizations have taken over traditional ones. However, there are a few areas where cybercriminals and traditional organized crime meet: money laundering, facilitating crime, and a few instances of cybercrime.
Research indicates that the profits gained by malicious actors deploying a "short-and-distort" scheme can be immense - up to hundreds of millions of dollars. This is far greater than what ransomware attackers might see, leading experts to believe these schemes may increasingly replace ransomware as the attack of choice against listed enterprises.
Mergers and acquisitions are an effective way for ransomware groups to increase profits, efficiency, and market presence. Collaboration with larger AaaS or money-laundering-as-a-service actors could lead to lower costs while maintaining the efficacy of their criminal activities. This strategic decision can help existing RaaS entities achieve the ambition of becoming formidable leaders within the cybercrime industry.
For years, cybercriminals have been utilizing supply chain attacks to gain access to systems and propagate malware. Now, with the increasing sophistication of tactics such as targeted ransomware campaigns, these types of malicious strategies are used more frequently than ever before, widening the reach of their damaging effects on victim networks around the world.
Most software systems and platforms implicitly trust the updates authored by third-party developers, leaving companies vulnerable if those parties are compromised. Such security breaches can lead to insidious malware infiltrating user devices on a large scale.
Business email compromise (BEC) is a rising threat to organizations, with the FBI estimating staggering losses of $43 billion across 2016-2021. This scam typically involves criminals employing publicly available information on company executives to fool them into wiring large sums of money - averaging around USD 160,000 per organization victimized in 2016 alone.
While malware and credential phishing are known methods used for BEC attacks, no such tools may be necessary if sufficient public data can be gathered about business targets. As it stands now, this form of cybercrime has proven highly profitable for attackers compared to ransomware schemes, causing great financial damage worldwide.
What’s next?
As ransomware technologies continue to advance, we can expect a transformation of the entire landscape over time. We may see both gradual progress and an innovative breakthrough in malware tactics all at once, and this could be especially true when considering potential changes in ransom business models as well.
Given the precarious nature of geopolitical and economic climates, a radical change in ransomware attackers' strategies could be on the horizon. Such game-changing shifts have already been observed several times before - indicating we may soon witness what can only be described as a revolutionary transformation in this field.
Organizations can no longer simply detect a ransomware attack after it has happened. To best protect themselves, they must employ proactive strategies such as XDR software to identify potential intrusions and act against them further upstream in the kill chain. By being aware of what malicious actors are doing before any encryption occurs, organizations will have a better chance at successful prevention.
As we analyze the aftermath of these cyberattacks, we mustn't focus solely on their final product and overlook what enables them to take place. This will help us better understand how similar events can be prevented in the future.