Is ransomware evolving to an “extortion-only” business model?
The ransomware landscape has changed quickly, and the change is only accelerating, so much so that the data encryption element that ransomware is known for is getting left behind.
We’re now evolving to a much newer threat, and one that is likely to send an icy chill down any system administrator’s spine. The emerging threat is now a criminal digital ecosystem focused on outright extortion.
Ransomware is malware that, once it infects a device or network, encrypts all the important files it finds, rendering them unreadable. The crooks behind the ransomware then demand a ransom to be paid via hard-to-trace crypto-currency. Once the ransom is paid, the crooks promise to provide a decryption key that allows the victim to retrieve their files.
Early strains of ransomware used poor encryption that could usually be decrypted by the good guys. So no need to pay the ransom. Subsequent strains, however, used encryption that is practically unbreakable.
But still the ransomware industry evolved into a complex ecosystem bustling with organised criminal gangs seeking out loftier targets and high ransom pay-outs. The scams became more convincing, more targeted and more refined. And a short time later, the cyber-crooks who developed ransomware began renting out their malware on the Dark Web to other criminal gangs in what has become known as Ransomware-as-a-Service (RaaS).
The Achilles Heel of ransomware, however, is data backup. Yes, backups are time consuming and a pain, but they mean a business can remove a ransomware infection, delete the files the infection encrypted and recover them from their backup. No data loss. No money wasted paying a ransom.
And because of the surge of ransomware infections, businesses have become much better at ensuring their backups A. exist and B. are current.
And the last thing a cyber-crook wants is to spend time and money targeting a business only to find the business scoffing at their ransom note.
And thus enters the extortion element.
Extortion perhaps largely started out as an insurance element to a ransomware scam. Not only would the ransomware get to work encrypting files, but it would also steal documents: employee records, sensitive company data, financial information, customer data. If a business refused to pay up to get their files back, perhaps they’d change their tune when faced with the prospect of having this information leaked online.
It worked.
And it may have worked too well. It didn’t take long for ransomware crooks to figure out that companies seemed more worried about having sensitive information leaked online than they did about their encrypted files. Soon enough the threat of leaking stolen files proved just as effective – if not more so – at getting companies reaching for their wallets as the ransomware itself.
And the attacks themselves started placing a higher emphasis on data theft than they did on encrypting files.
And in May 2021, the Babuk ransomware gang, a relatively new criminal gang targeting businesses with ransomware, announced they would be moving to a data-theft-only business model.
It’s probably not going to be long before other criminal gangs follow suit.
The threat poses new challenges for cybersecurity staff: how to keep intruders out of their networks and, importantly, how to keep them away from sensitive company and customer data.
As the criminals evolve with the times, so must organisations. If a significant portion of the ransomware criminal industry moves towards data theft and extortion, this is a problem that will only get significantly worse with time. And the cybersecurity habits of big business will need to adapt, quickly.