Among so many cybersecurity threats, ransomware is undoubtedly one of the most feared. That someone can take control of your files, encrypt them, and force you to pay a ransom to get them back, is a nightmare that nobody wants to live. But the worst thing is that these attacks are becoming more and more sophisticated thanks to a state of permanent evolution; and therefore it is increasingly common to come across infections of this type that harm individuals, companies, institutions or organizations.
Ransomware attacks growth
During 2021 we have seen an increase in the number – and scale – of ransomware attacks, and it is no coincidence. And, unfortunately, the outlook is not much better heading into 2022, according to Sophos. The renowned security firm released its threat report for the coming year this month, and the outlook around ransomware is alarming. So much so that they define it as “a black hole” that attracts other cyber threats in order to form “a massive, interconnected ransomware delivery system”.
Basically, what the specialists say is that ransomware is so dangerous and lucrative that it is changing the cybercriminal ecosystem. And here the escalation of ransomware “as a service” or RaaS (Ransomware as a Service) plays a key role. This is clearly not new, and is a topic we have covered in the past; however, the methods underpinning it are also altering as the years go by.
One of the warnings Sophos is making heading into 2022 is that ransomware will be more modular. Specifically, it refers to the fact that there are more and more groups dedicated to developing and selling specific elements that are necessary to perpetrate such an attack. Thus, criminals no longer even have to worry about creating their own tools, but can rely on the work of different vendors to procure the relevant “parts”.
As we mentioned earlier, the Sophos report speaks of a shift in the cybercriminal ecosystem fostered by the evolution and sophistication of ransomware. In addition, the company sees other threats that are considered common, and that existed long before ransomware, now serving as pawns for criminals operating attacks that “hijack” an individual’s or organization’s files. Specifically mentioned in this case are loaders, droppers and Initial Access Brokers.
More ransomware criminals
“This is distorting the cyber threat landscape,” claims the company’s principal researcher Chester Wisniewski. “Ransomware thrives on its ability to adapt and innovate. While RaaS offerings are not new, in previous years their main contribution was to make ransomware available to less skilled or less well-funded attackers. This has changed and, in 2021, RaaS developers are investing their time and energy in creating sophisticated code and determining the best way to extract larger payouts from victims, insurance companies and negotiators. They are now tasking others with finding victims, installing and executing the malware, and laundering the stolen cryptocurrencies,” he said.
But that’s not all. The report also estimates that pressures on victims to pay ransoms for their files will increase “in range and intensity”. Among the most commonly used methods this year are the exposure of personal data, telephone threats and denial-of-service (DDoS) attacks.