The Internet Crime Complaint Center of the FBI received 3,729 complaints related to ransomware in 2021, an 82% rise from two years ago and aggravating. As per the dept of the treasury, the top 10 ransomware groups took at least $5.2 billion dollars in extortion payments.
Ransomware's massive scale and growth got the attention of leaders in business and policy, however, we should note how the ransomware operators may adapt and evolve to secure their earnings.
Prior to the ransomware boom, threat actors tried various extortion techniques. These involved thefts and the sale of sensitive information like credit card numbers. Some focused on ACH transfers and direct financial transactions.
While others tried reselling system access for scrap value to other threat actors, or crypto mining, bringing the monetization issues downstream. The highest profit-bearing technique needed savvy operators and maintained, continuous access, meaning that getting caught could sabotage operations that required a considerable investment of time.
Ransomware revolutionized the extortion game. The brute extortion technique was easy to execute and effective.
Ransomware of the past didn't need to understand the victim network, didn't care for anti-forensics or much caution, and provided instant and direct payment without depending on black market resellers.
With the life cycle getting tight, more profits, and a significantly low barrier to entry, ransomware laid paths for new cybercrime explosion.
Future of Ransomware
The future is sure to witness threat actors modify the ransomware playbook. We may notice groups build more advanced tradecraft to disrupt attribution, lowering the effect of sanction lists (imposed by governments, including payment bans).
Currently, we find ourselves in the initial stage of Ransomware 3.0 evolution, but we can expect more changes in the extortion models. Attackers may adopt traditional ransomware models, reselling stolen data along with/instead of extortion.
We are already aware that threat actors are experimenting with various cryptocurrency schemes.
To stay safe, the FBI suggests:
- Update your operating system and software.
- Implement user training and phishing exercises to raise awareness about the risks of suspicious links and attachments.
- If you use Remote Desktop Protocol (RDP), secure and monitor it.
- Make an offline backup of your data.
