Hostages to Fortune? Why Ransomware is Now Big Business.

Ransomware attacks are skyrocketing and, sadly, no end is in sight. Cybercriminals are scrambling over themselves to cash in on this lucrative attack trend, which offers a low barrier to entry, great rewards and minimal risk. 2015’s 3.8 million ransomware attacks may sound considerable, but this has been utterly eclipsed by the 638 million attacks reported in 2016 – a 167-fold increase!

The premise is simple enough: malware encrypts data on an infected machine, then attackers extort money from the victim in return for a decryption key. According to the FBI, ransomware netted cybercriminals around $1 billion last year, so there’s a clear financial driver, but a complex chain of forces is also accelerating ransomware’s rise.


New business models

Data is now the lifeblood of modern business; livelihoods – and even lives – depend on it. As digital transformation gathers pace, ubiquitous mobility and the Internet of Things will only make every area of society more data dependent.

“If you value an asset, someone else can always exploit that value,” says Dominic White, CTO at SensePost, Orange Cyberdefense’s elite consulting arm.

“It’s no longer enough to think your data wouldn’t be lucrative in anyone else’s hands – if it’s valuable to you, that’s all that matters”.

While covertly infiltrating corporate systems requires considerable time and expertise, ransomware takes a ‘brute force’ approach to the problem – monetising a victim’s data instantly, with minimal effort.

However, the rising value of data is only part of the story behind ransomware’s runaway success. Sure, cybercriminals will always follow the money, but they’re also now exploiting sophisticated as-a-service business models – and even affiliate programmes – to maximise reach and revenues.

The Dark Web has become a trading hub where attackers can pool their resources, talents and insights. Thanks to this collaborative environment, cybercriminals are becoming ever more sophisticated, prepared and alert to new opportunities.

Recent ransomware variants like CryptoWall, Locky and Cerber have become increasingly commoditised, with creators now offering revenue-sharing agreements to the ‘affiliate partners’ who execute attacks. With Ransomware-as-a-Service providing a steady revenue stream, malware coders can invest in iterating their Dark Web offerings, adding new capabilities or adapting to evolving security precautions.

This automation and commoditisation of ransomware has effectively eliminated any barrier to entry, leaving businesses and individuals facing an ever-growing number of attackers.

Market forces

Meanwhile, the rise of crypto-currencies means cybercriminals can now monetise malware in a way that’s swift, simple and virtually untraceable. Attackers no longer need to concern themselves with money laundering to remain invisible to the authorities, further reducing the complexity of executing ransomware attacks.

While only an estimated 0.25% – 3.0% of ransomware victims pay up, it benefits attackers to encourage future payments. Increasingly, the payment process is fast and simple, ransoms are honoured automatically, and market forces are keeping prices under control, with the average currently sitting at just £525.

Victims, however, are extremely reluctant to admit paying off attackers. Unfortunately, this not only encourages criminals to continue, it also makes the scale and scope of the challenge harder to estimate and stymies awareness-raising.

Evolving attacks

By moving towards Ransomware-as-a-Service, cybercriminals are becoming increasingly agile and able to exploit new opportunities.

We’ve already seen ransomware attacks increase against SMEs, since criminals know that smaller organisations often lack the sophisticated disaster recovery and data back-up solutions used by large enterprises.

If such targeted attacks prove more lucrative for cybercriminals, we will undoubtedly see a growth in tailored attacks on specific organisations or business sectors using spearphishing and social engineering.

One disturbing possibility is attacks on medical facilities. Hospitals are often dependent on older IT systems with patchy security, but access to patient data is also a life-and-death, time-critical issue – making ransom payments both more likely and more lucrative. For instance, in 2016 Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 to free its computer network from a ransomware attack.

Fighting back

With an apparently sustainable business model evolving, ransomware may soon become a systemic issue. To break this vicious cycle the ransomware business model must be disrupted; the pandemic will only diminish when it ceases to be profitable.

While Ransomware-as-a-Service is on the rise, the good news for businesses is that the fundamental nature of these attacks hasn’t changed. There’s nothing ‘new’ to worry about, even if the chances of being targeted are growing. As such, the top priorities for organisations remain the same:

  • Assess the data attackers might target and focus security spending on protecting it effectively.
  • Implement disaster recovery solutions and regular back-ups, so encrypted data can be restored.
  • Educate employees on phishing and social engineering to make your organisation a harder target.
  • Ensure business software is kept patched and up-to-date.
