Separator

Demystifying the ransomware ecosystem

Separator
While ransomware isn’t a new threat, it has evolved over the years from targeting individuals to more targeted ransomware attacks against businesses around the globe. With the introduction of ransomware-as-a-service (RaaS) as a business model, ransomware groups now sell access to their ransomware to others. They partner with other cybercriminals known as affiliates to help conduct ransomware attacks on their behalf, bringing them victims and sharing a large portion of the profits with them. What has propelled ransomware attacks over the last few years is the introduction of double extortion, whereby ransomware groups not only encrypt the data on a victim’s network, they steal it first and threaten to leak it on the dark web if their ransom demands are not met.

This added extortion component has been widely adopted by most ransomware groups operating today. This tactic was pioneered by the Maze ransomware group in December 2019. Even with the double extortion component at play, ransomware groups have upped the stakes by incorporating additional extortion tactics, including launching distributed denial-of-service (DDoS) attacks against victim websites, threatening to sell their stolen data to third parties if a ransom isn’t paid, as well as contacting companies that are customers of the victim organizations and using the threat of leaking data on these customers to apply additional pressure to the victims. Ransomware is a force to be reckoned with it and isn’t going to go away that easily.

Organizations should never pay the ransom demand because it simply emboldens the ransomware groups and the other stakeholders within the ransomware ecosystem to continue to perpetrate these types of attacks.

Reason behind bright future of ransomware for cybercriminals

There’s so much money to be made and there are a lot of vulnerable organizations out there, waiting to get hit by a ransomware attack across a variety of industries and business sizes. Ultimately, the bright future for ransomware remains a byproduct of the success from double extortion attacks and exfiltration of stolen data in particular. Some ransomware groups have shifted gears, moving away from encrypting files and solely focusing on the data exfiltration and threat to leak.

Proactive measures to prevent ransomware

In our Ransomware Ecosystem report, we outline 10 steps organizations can take to put themselves in the best position to defend against ransomware attacks. These include things that we know including identifying vulnerable assets and applying the latest patches as promptly as possible, implementing security awareness training, use of security software tools like endpoint security and anti-virus, as well as using multifactor authentication across all accounts. There are other steps mentioned in the report, but these are some of the key ones we want to highlight.