Trends in the world of cybersecurity show a worrying trend: ransomware is on the rise. 2021 was an all-time record year for the number of recorded ransomware and cyber attacks. Cyber criminals specializing in ransomware are therefore among the major winners of the corona pandemic, as the advance of remote working gives them even more opportunities to develop their digital extortion practices.
Cybercrime has become a lucrative business model that, according to Coveware, a company specializing in cybersecurity, generates profit margins comparable to those derived from organized cocaine trafficking. But how can the rapid rise of ransomware in IT be explained? Read on to find out.
What is ransomware?
The name makes it immediately clear how this insidious and vicious form of cybercrime works. Ransomware is a form of malware that locks computers, files or systems. In exchange for lifting the block, the cyber criminals demand money from the affected organization or users. Usually they ask for payment in bitcoins because transactions in cryptocurrencies are more difficult to trace than regular cash flows.
While companies often see ransom payments as the only option to regain control of their IT, there is a degree of risk involved. You can never be sure whether the attacker will actually unlock your devices or files, while paying actually sets a precedent for future attacks because the cybercriminal succeeds in his goal.
Why ransomware is on the rise
The increase in the number of ransomware attacks is due to several factors. We list the most important ones.
Cybercrime is a sector that is professionalising at a rapid pace. Forget the hacking hobbyist jokingly trying to hack into a corporate network in his bedroom. Notorious ransomware networks like REvil, Conti, CLOP, and DarkSide are run as professional criminal networks. Some even have a separate ‘customer service’ that ensures that the systems of victims who pay are also restored in an orderly manner.
Modern cyber criminals are constantly looking for vulnerabilities and security holes within networks and applications, backdoors that allow them to smuggle in and deploy their ransomware. They often work with networks of like-minded people or provide ransomware-as-a-service (RaaS) ‘colleagues’. They outsource certain parts of the attack, as it were, making it even more difficult for investigative services and companies to determine the exact source of a ransomware attack.
Because ransomware is such a profitable business model today, professional cybercriminals use their considerable earnings to devise new, even better scam tactics and techniques.
Cheap malware and hacking tools are widely available
We live in a time where the use of technology has been democratized. You no longer have to be a wealthy multi-million dollar company to reap the benefits of AI, IoT or state-of-the-art cloud technology. But the general availability of advanced technology also has a downside.
Cyber criminals today have easy access to an impressive arsenal of cheap malware and handy hacking tools. This often stems from government- or secret-service-manufactured technology that eventually leaks out and ends up in the unregulated public cyber jungle. For example, RDP credentials from medium-sized companies can often be bought for several hundred dollars in the depths of the dark web. And it is also not very difficult to get a ready-made ransomware package for a small price. Lowering the threshold even further, ransomware is a form of cybercrime that requires little in-depth technical knowledge.
Remote working and cybersecurity
Hybrid working is the new norm, especially now that the corona pandemic is more persistent than we hoped and working from home is still the motto. Unfortunately, this development also creates additional opportunities for cyber criminals. There is a growing chance that employees in their comfortable home office use their own devices that do not meet the same security standards as the desk or laptops in the office. A technology such as IoT also ensures more devices and users within the network, which increases the attack surface.
Moreover, in a home working setting there is less insight into the online behavior of employees. Does someone accidentally click on a malicious link that paves the way for malware to infiltrate your system? Then there is a good chance that you will only find out when the screens go black… A good authentication and verification policy is therefore an essential weapon against ransomware in the age of remote working.
Small chance of being caught
Diverting money through the regular banking system is not an easy undertaking. A large corporate bank transfer to an overseas account is often quite complicated. You have to deal with signatures, multiple banks and an approval procedure that usually takes a few days. Bypassing all these security mechanisms requires the necessary specialist knowledge. It is not without reason that the police are on time in about 75 percent of the cases when criminally obtained money is funneled away through legitimate channels.
That is why most criminals want to be paid in cryptocurrencies after a ransomware attack. For example, you can perform a bitcoin transfer online in a few seconds. At the same time, the boom of speculative interest in bitcoin is creating an increasingly robust ecosystem of financial services and tools. This is actually intended for legitimate cryptocurrency users, but is obviously also eagerly exploited by cyber criminals.
An additional complicating factor is that professional cybercriminals are often in jurisdictions that fail to adhere to or recognize Western anti-money laundering standards and laws. Think, for example, of Eastern European countries that fall outside the jurisdiction of the European Union. Anti-Western sentiments, whether or not a remnant of the Cold War, sometimes mean that tackling cybercrime against Western companies or governments is hardly a priority for law enforcement in those states.
Protecting against Ransomware: How INTERMEDIATE Helps
Protecting yourself adequately against ransomware is specialist work. A good cybersecurity expert will provide you with the tips and best practices you need to reduce the chance of a ransomware attack. Does it ever go wrong? Then such a specialist will help you choose the right approach.
Finding a cybersecurity professional isn’t always easy. The demand is greater than the supply. But don’t despair. At INTERMEDIATE, we connect you to the right cybersecurity professionals within a few days. These experts help you not only ensure information security and privacy, but also deal with ransomware attacks.
Would you like to know more about our services and our range of security experts? Please feel free to contact us by calling +31 (0) 611 662 797 or emailing firstname.lastname@example.org. You can also fill in the contact form on our website. You will receive a response from us within one working day.