Dallas City Government, in May 2023, faced a ransomware attack which resulted in the temporary halt in their operations which included hearings, trial and jury duty and the closure of the Dallas Municipal Court Building.
The attack further impacted police activities, as overstretched resources made it more difficult to implement initiatives like summer youth programs. Threats to publish private information, court cases, prisoner identities, and official papers were made by the criminals.
One may think that cyberattack on city government would be a headline news, however, this year has seen a number of such instances that any mere attack is just another common topic of discussion. A notable exception was the vulnerability exploitation of a Moveit file transfer app in May and June 2023 that led to data theft from hundreds of organizations across the world, including British Airways, the BBC and the chemist chain Boots.
Apparently, over the past years the ransom payments have doubled to US$1.5 million, with the big-profit organizations paying the highest price. A British cybersecurity company called Sophos discovered that the average ransomware payment increased from US$812,000 the year before. At US$2.1 million, the average payment made by UK organizations in 2023 was considerably greater than the global average.
While ten years ago this was no more than a theoretical possibility and niche threat, but ransomware has now gained a wide acknowledgment as a major threat and challenge to modern society. Its rapid evolution, which has fueled crime and done enormous harm has raised serious concerns.
The "business model" for ransomware has evolved as, for example, malware attack vectors, negotiation tactics, and criminal enterprise structure have all advanced.
Criminals are now expected to adapt to their strategies and cause digital catastrophe for years to come. In order to combat the long-term threat, it is crucial to examine the ransomware threat and anticipate these strategies.
What is Ransomware?
In various settings, the term "ransomware" can refer to a variety of concepts. At Columbia University, Adam Young and Mordechai "Moti" Yung revealed the fundamental structure of a ransomware assault in 1996, which is as follows:
Criminals get past the victim's cybersecurity defenses (either by using strategies like phishing emails or an insider/rogue employee). Once the victim's defenses have been breached, the thieves release the ransomware. Which has as its primary purpose locking the victim out of their data by encrypting their files with a private key, which is conceptualized as a lengthy string of characters. The perpetrator now starts the third stage of an attack by requesting a ransom for the private key.
Here, we are discussing some of the most popular developments of ransomware attacks one may want stay cautious about:
Off-the-shelf and Double Extortion
Ransomware-as-a-service's advent was a significant development. This phrase refers to markets on the dark web where criminals can buy and utilize "off-the-shelf" ransomware without the need for sophisticated computer knowledge, and the ransomware providers get a part of the profits.
According to research, the dark web serves as the "unregulated Wild West of the internet" and provides criminals with a secure environment in which to exchange unlawful goods and services. It is freely accessible, and there is a thriving worldwide underground economy there thanks to anonymization technologies and digital currencies. The European Union Agency for Law Enforcement estimates that just in the first nine months of 2019, there was spending of US$1 billion.
With ransomware as a service (RaaS), the entry hurdle for would-be cybercriminals was decreased in terms of both cost and expertise. In the RaaS model, vendors that create the malware provide competence, although the attackers themselves may be only moderately experienced.
Crypto Extortion Threats
In the newer developments in ransomware attacks, attackers are now progressively finding new tactics for extortion. One of the highly discussed techniques include the cryptocurrency-specific variations, and the “consensus mechanisms” used within them.
Consensus mechanism refers to a technique used to achieve consensus, trust, and security across a decentralized computer network.
In particular, cryptocurrencies are progressively validating transactions through a so-called "proof-of-stake" consensus method, in which investors stake substantial amounts of money. These stakes are open to ransomware extortion by criminals.
Until now, crypto has relied on a so-called “proof-of-work” consensus mechanism where the authorization of transactions include solving a complicated math problem (the work) to authorize transactions. This strategy is not long-term viable since it leads to unnecessary large-scale energy use and duplication of effort.
A "proof-of-stake" consensus method is the alternative, which is increasingly becoming a reality. In this case, validators who have staked money and receive compensation for validating transactions approve transactions. A financial stake takes the place of the role played by ineffective work. While this solves the energy issue, it also means that substantial sums of staked money are required to validate crypto-transactions.
