Ransomware is now a giant black hole that sucks up all other forms of cybercrime

Ransomware is so lucrative for the gangs involved that other parts of the cybercrime ecosystem are being repurposed into a system for delivering potential victims.

“The gravitational force of the ransomware black hole is attracting other cyber threats to form a massive, interconnected ransomware delivery system – with significant implications for IT security,” security firm Sophos said in a report.

Ransomware is seen by many experts as the most pressing security risk facing businesses – and is hugely lucrative for the gangs involved, with ransom payments rising dramatically.




Sophos said ransomware is becoming increasingly modular, with different groups specializing in particular elements of an attack. It also pointed to the related increase in “ransomware as a service,” where criminal gangs can purchase access to tools to execute their own ransomware attacks when they lack the technical capacity to create these tools themselves.

These so-called ransomware “affiliates” don’t even need to find their own potential victims: the ransomware ecosystem has grown so that they can reach out to other groups that specialize in gaining access to corporate networks and will sell them this backdoor.

In addition to doing business with these “initial access brokers”, potential ransomware attackers can turn to botnet operators and malware distribution platforms to find and target potential victims. And because of the potential profit to be made, these groups are increasingly focusing on serving ransomware gangs rather than less lucrative forms of online crime, Sophos said.

“Established cyber threats will continue to adapt to distribute and deliver ransomware. These include loaders, droppers, and other basic malware; increasingly advanced and human-managed initial access brokers; spam; and adware,” the security company said.

The idea of ransomware-as-a-service has been around for quite some time and has often been a way for less skilled or less well funded attackers to get started.

But what has changed now, said Chester Wisniewski, senior researcher at Sophos, is that ransomware developers are using this as-a-service model to optimize their code and get the biggest payoffs, offloading to others the tasks of finding victims, installing and executing malware, and laundering cryptocurrencies.




Separate research has even suggested that ransomware gangs are now wealthy enough to start buying their own zero-day vulnerabilities, something that was previously available only to state-backed hackers.

“It distorts the cyber threat landscape,” Wisniewski said, as common threats such as loaders, droppers and initial access brokers – which existed and caused disruption long before the rise of ransomware – now meet the demands of ransomware gangs.
