Ransomware has become one of the nastiest cybercrime phenomena, with the typical ransom demand growing more than 10 times in one year.
There are more than a dozen players in the ransomware-as-a-service (RaaS) arena, each with a bevy of affiliates that focus on business targets around the globe. The ransomware ecosystem has changed dramatically since the notorious GandCrab team closed shop in mid-2019. The RaaS model they introduced is now the standard, paving the way for capable attackers with a clear method to generate income.
Ransom demands have skyrocketed
In a recent report, cybersecurity firm Group-IB assessed how this threat changed in just one year since 2018. Crooks embraced a wide variety of entry points, raised their ransom demands, and began stealing files from victims before encryption as additional leverage to force payment.
According to these findings, ransomware attacks in 2019 grew by 40%, and the focus on bigger targets drove the ransom amount from $6,000 to $84,000, with two of the greediest families being REvil (Sodinokibi) and Ryuk.
In 2020, however, the amount has risen even further. Data from Coveware, a firm that handles ransomware incidents, shows that the figure climbed again in the first quarter of the year, to $111,605. Ryuk and Sodinokibi continue to be responsible for this rise across the board.
Common attack mechanisms
Among the most common intrusion techniques are drive-by downloads via exploit kits, remote services (generally RDP), and spear phishing. At the RSA security event last February, the FBI also stated that RDP is one of the dominant techniques ransomware authors use to gain a foothold in the target network.
More advanced ransomware distributors rely on techniques that provide access to juicier targets: supply-chain compromise, exploiting unpatched vulnerabilities in public-facing software, or compromising managed service providers (MSPs).
Analysts say that even major-league crews such as Ryuk, Sodinokibi, LockerGoga, MegaCortex, Maze, or Netwalker used common intrusion techniques such as RDP simply because access to web servers with an open port was very easy to obtain from dark web marketplaces.
Phishing is also used consistently to breach business networks. High-profile criminal gangs enhanced their methods by exploiting flaws in WebLogic Server or Pulse Secure VPN; this was seen in Sodinokibi intrusions.
Data theft and leaks added to the mix
A growing number of ransomware families leak data stolen from organizations unless the ransom is paid. This approach was first employed by Maze ransomware in November 2019, when its operators released data from Allied Universal.
Right now, 12 ransomware crews maintain leak websites where they publish data stolen from victims, while others use dark web forums to share download links.
Some ransoms seem entirely blown out of proportion. Sodinokibi, for example, demanded $21 million from a victim, threatening otherwise to release information about the firm’s customers, the majority of them celebrities in the show business world.
Ako ransomware, another strain that also steals companies’ data, found a way to boost its earnings by demanding two ransoms: one for decrypting the data and another for not releasing it.
Ransom demands exceeding $1 million aren’t uncommon anymore, as criminals adjust their prices according to the compromised company’s profits and the number of encrypted computer systems. Whereas 2019 was very rewarding for ransomware groups, 2020 will most likely outstrip it as crooks keep zeroing in on big firms in leading markets.