What the Growth of Ransomware Variants Says About the Evolving Cybercrime Ecosystem

Although the prevalence of ransomware seems to be increasing, it can be challenging to measure. Do we simply hear more rumors about it? Is it genuinely becoming more widespread? When we look at recent data, the answer to the latter is unquestionably “Yes.”

Our FortiGuard Labs researchers have observed 10,666 ransomware variants in the past six months, as opposed to just 5,400 in the preceding six months. That’s an almost two-fold increase in ransomware variants.

Therefore, it’s clear that this menace to modern life and business is proliferating rapidly. The sooner organizations understand this and the more they know about it, the better equipped they’ll be to keep their data safe. Let’s take a look at the latest developments in ransomware, including ransomware-as-a-service (RaaS) and recent campaigns, and consider what organizations need to do to defeat them.

The Rise of Ransomware-as-a-Service

What’s behind this recent spike in ransomware? Cybercrime has developed into a massive and sophisticated industry, complete with tech support, call centers to help victims pay ransoms, mules that transport and launder money, and people in charge of forums on the Dark Web where programmers may buy and sell their wares.

With the help of pre-made ransomware tools created by others, partners (affiliates) can carry out attacks using the RaaS subscription model. If the attack is successful, the affiliates can receive up to 80% of the revenues, after which everyone else gets paid. 

As a result, the rapidly expanding ecosystem of cybercrime has developed its own supply chain and now brings in more than a trillion dollars annually. Because the criminals are better funded, using new service models, and continually altering their strategies and upping their game, the supply chain is expanding as well.

Some of the Major Campaigns

Even though law enforcement has had some significant achievements, such as the global collaboration to stop the RaaS operation REvil (also called Sodinokibi), ransomware operators remain a significant threat to all types of enterprises, irrespective of industry or size. Other significant ransomware campaigns have risen up to fill the vacuum created by the REvil takedown, which reverberated throughout the RaaS sector.

Lapsus$ first surfaced as an extortion player in December 2021 and has attacked numerous major corporations, used social engineering strategies to breach its targets' systems, and tried to solicit employees to gain corporate access.

There were rumors that Lapsus$ was nothing more than a group of kids because the group’s leaders were constantly boasting about their attacks as they were taking place. UK law enforcement detained seven individuals on March 24 in connection with Lapsus$; they ranged in age from 16 to 21.

According to CISA, the RaaS organization Conti used spearphishing to break into the networks of its victims, sending targeted emails with malicious attachments or links. Conti has been operating since 2020.

To avoid detection, Conti members were infamous for using remote monitoring and management tools. Conti shut down its final two Tor servers in June 2022, dismantling the gang as we know it. It’s anticipated that they might yet carry on with their operations in the form of smaller spin-off organizations.

How to Stay Safe: Educate Yourself and Take Action

We can keep one step ahead of the bad actors by learning about best-practice cyber hygiene, working with other defenders, and using tools like artificial intelligence (AI) to detect threats and apply mitigating techniques. It’s one thing to respond to a security breach; it’s another thing to prevent it from happening in the first place. AI and automated threat detection are essential tools for enabling enterprises to neutralize threats quickly and effectively, particularly across individual endpoints.

To provide secure access for remote work and learning, zero trust approaches need to be put into practice. Additionally, remote workers and students are targets of cyber-attacks, just as businesses are, making cybersecurity user awareness training more crucial than ever. Everyone will benefit from guidance and education on the best ways to keep people and companies safe.

Defeating Ransomware

The fact that ransomware variants have almost doubled in just the last six months tells us that cyber-criminals know when they’ve found a good thing, and they’re going after it with all the resources they have. And those resources are considerable these days, including significant funding and infrastructure to rival some corporations. Ongoing training, the use of AI and a shared intelligence strategy will all help organizations overcome the serious threat that ransomware poses.
