The Rising Tide of Ransomware Attacks
Ransomware has been around for decades, but, in recent years, the threat of ransomware has grown dramatically. The WannaCry ransomware outbreak in 2017 demonstrated that ransomware was a profitable attack vector, and the creation of cryptocurrencies like Bitcoin made it easy for attackers to demand and receive ransom payments.
The pandemic also contributed to the rise of ransomware as cybercriminals took advantage of the growth of remote work and the increased importance of healthcare organizations. As remote work becomes part of business as usual, the ransomware pandemic continues to grow.
Understanding the Ransomware Threat
Ransomware is an evolving threat to corporate security. The original ransomware campaigns were relatively simple. The malware was delivered via email or exploitation of a software vulnerability and encrypted files on the infected machines. If the ransom was paid, the attackers provided decryption software that enabled the victim to restore normal operations.
In the last few years, ransomware campaigns have evolved quickly. One major change is in the infection vectors used. Ransomware now mainly targets remote access solutions, exploiting VPN vulnerabilities or using compromised employee credentials to log in via RDP.
The techniques used by ransomware operators to force victims to pay the ransom have changed as well. The ability to restore from backups neutralizes the impact of data encryption, so ransomware has branched out to data theft. Modern ransomware operators threaten to leak stolen data if a ransom is not paid by the victim and, in some cases, by the victim's customers. Some ransomware groups also use the threat of Distributed Denial of Service (DDoS) attacks as an incentive to meet their demands.
Finally, the ransomware threat has evolved due to role specialization and the creation of the Ransomware as a Service (RaaS) model for attacks. Instead of a single group developing malware, infecting organizations, and collecting ransoms, ransomware authors now distribute their malware to “affiliates” for use in their attacks. RaaS provides affiliates with access to advanced malware and enables the ransomware authors to scale their campaigns, increasing the ransomware threat.