Ransomware is now a giant black hole that sucks up all other forms of cybercrime
File-encrypting malware is where the money is – and it’s changing the entire ecosystem of online crime.
Ransomware is so lucrative for the gangs involved that other parts of the cybercrime ecosystem are being repurposed into a system for delivering potential victims.
“The gravitational force of the ransomware black hole is attracting further cyber threats to form a massive and interconnected ransomware delivery system, with important implications for IT security,” security firm Sophos said in a report.
Ransomware is viewed by many experts as the most pressing security risk facing businesses – and is hugely lucrative for the gangs involved, with ransom payments rising dramatically.
Sophos said ransomware is becoming increasingly modular, with different groups specializing in particular elements of an attack.
It also highlighted the related boom in ‘ransomware as a service’, where criminal gangs can purchase access to tools to execute their own ransomware attacks when they lack the technical capacity to create these tools themselves.
These so-called ransomware “affiliates” don’t even have to find their own potential victims: the ransomware ecosystem has grown so that they can reach out to other groups that specialize in gaining access to company networks and who will sell them this backdoor.
In addition to doing business with these “initial access brokers”, potential ransomware attackers can turn to botnet operators and malware distribution platforms to find and target potential victims. And because of the potential profit to be made, these groups are increasingly focusing on ransomware gangs rather than less lucrative forms of online crime, Sophos said.
“Established cyber threats will continue to adapt to distribute and deliver ransomware. These include loaders, droppers, and other basic malware; increasingly advanced and human-managed initial access brokers; spam; and adware,” the security company said.
The idea of ransomware-as-a-service has been around for quite some time and has often been a way for less skilled or less well funded attackers to get started.
But what has changed now, said Chester Wisniewski, senior researcher at Sophos, is that ransomware developers now use this as-a-service model to optimize their code for the biggest payoffs, offloading to others the tasks of finding victims, installing and running the malware, and laundering cryptocurrencies.
Separate research has even suggested that ransomware gangs are now rich enough to start buying their own zero-day vulnerabilities, something that was previously only available to state-sponsored hackers.
“It distorts the landscape of cyber threats,” Wisniewski said, “as common threats such as loaders, droppers and initial access brokers – which existed and caused disruption long before the rise of ransomware – now meet the demands of ransomware gangs.”