Rags to Riches! The Evolution of Ransomware Operators

Despite multiple joint cyber operations that busted several ransomware groups, new kinds of ransomware strains are still being reported regularly.

Detecting and preventing ransomware attacks have become the primary goal for most organizations. The cybersecurity community across the globe is severely concerned about the rising sophistication of ransomware attacks. Ransomware operators have become a serious threat to organizations and individuals, creating havoc, encrypting sensitive corporate data, and demanding hefty ransoms.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

Threat actors leverage double-extortion techniques by threatening to post victims’ data online if they refuse to pay the ransom. If this isn’t menacing enough, threat actors are now leveraging the triple extortion technique to make their ransomware business more lucrative. In triple extortion, attackers send their ransom demands to the customers and third-party agencies associated with the victim.

Several industries saw a growth in their cybersecurity budget to thwart ransomware threats, and governments even declared ransomware as a national threat, implementing robust security measures to protect their critical infrastructure from both state and non-state adversaries.

The Rising Costs of Ransomware 

Despite multiple joint cyber operations that busted several ransomware groups, new kinds of ransomware strains are still being reported regularly. A survey from Cybersecurity Ventures predicted that ransomware attacks would cost organizations across the world $20 billion in 2021, which is a 57% increase when compared to 2015 ($325 million). It also forecast that ransomware attacks will cost the victims over $265 billion annually by 2031, reporting an attack every 2 seconds.

Rise in Attackers’ Revenue

The pandemic and the newly adopted remote working environment gave ransomware operators more opportunities to create new malware and extortion techniques. The DarkSide ransomware group, which is behind the infamous Colonial Pipeline hack, extracted over $90 million in ransom in Bitcoin from 47 victims. The group reportedly infected nearly 99 organizations with the DarkSide malware, with an average ransom payment of $1.9 million.

Why Do Companies Rush to Pay Ransom?

Threat actors purposely target high-profile organizations with a larger employee and customer base. Their brand image and the massive amount of sensitive customer data make large enterprises accept ransom demands. Research from the Neustar International Security Council (NISC) revealed that over 60% of organizations admitted that paying the ransom would be their primary solution in the event of a ransomware attack. One in five organizations said they would consider paying 20% or more of their company’s annual revenue.

Most organizations prefer paying the ransom to avoid data loss or misuse by attackers. For instance, meat-processing giant JBS confirmed that it had paid $11 million to the REvil ransomware gang to restore its systems. The U.S. Colonial Pipeline reportedly paid a $4.4 million ransom after attackers disrupted its services. However, there is no assurance that victims will be able to recover their data after paying the ransom. There is a chance that attackers may demand more ransom; they may release only a small amount of data on the dark web, or they can get hold of a copy of the encrypted data to threaten the victim in the future. It’s imperative to think about the effects and consequences of ransom payments before paying them.

Closing Comments

Speaking to CISO MAG about the rise of ransomware attacks, cybersecurity researcher Bob Diachenko said, “Ransomware evolves similarly to any software proposition on the market – there are large groups operating as marketplaces with ransom-as-a-service solutions, state-sponsored APTs, and many independent actors most of which are simply trying to reach a low-hanging fruit in the form of misconfigured databases.”

About the Author:

Rudra Srinivas

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       