Describe ransomware specialties

Ransomware has been around for a long time, skulking in the background, waiting for the perfect storm before bursting onto center stage. However, technological advancement, the growth of the internet, and the human appetite for the spotlight have fueled the evolution of ransomware.

Locker vs. crypto

While the objective of ransomware is to make an individual or organization pay a ransom, how it goes about that can differ. Two of the more common versions are called locker and crypto.

  • Locker ransomware tends to bar access to a computer or service by stopping the device from booting or preventing access.
  • Crypto ransomware can vary from encrypting sensitive or essential files to encrypting everything stored on the computer or server, effectively rendering the data meaningless.

In both instances, the cybercriminal restricts or blocks access to critical and essential data until their demands are met. Usually, payment has to be made through cryptocurrencies, which are traditionally difficult to trace.

Growth of ransomware families

A family is typically any group of related entities, and ransomware is no different. In this case, a ransomware family is created when several different types of ransomware share some or all of an earlier successful ransomware version, but have been adapted or modified to meet a specific need. In 2021, three ransomware families accounted for more than 55 percent of all cyberattacks detected. The increased use of ransomware families has one benefit: it makes the ransomware easier to detect, which can help to limit the damage from an attack or help prevent one.

By the end of 2021, the top ransomware families were:

  • WannaCry
  • Stop/DJVU
  • Phobos
  • BearCrypt
  • Avaddon

Ransomware as a business

According to Homeland Security, ransomware attacks in the US in 2021 increased by 300 percent in one year. Because it combines high rewards with a low level of technical skill required, ransomware has transformed the way cybercriminals operate.

Initial Access Brokers

Access to the best ransomware doesn't guarantee immediate success. An up-to-date and robust security policy can thwart the majority of cyberattacks. However, the highly profitable nature of ransomware has led to the rise of a new type of cybercriminal, the Initial Access Broker.

Initial Access Brokers use various techniques, including social engineering, phishing, and brute force, to access your systems. However, their aim isn't to disrupt or steal, but to obtain the highest level of user credentials available. When the Initial Access Broker has this information, it's then auctioned or sold to the highest bidder on the dark web.

Successfully breaking into a computer system undetected is complex and challenging, and the capability is beyond the means of most would-be cybercriminals. However, successful Initial Access Brokers have removed these barriers by doing all the hard work. They make it easier for nontechnical cybercriminals to circumvent your security, steal sensitive data, and install ransomware.

Ransomware-as-a-service

Whether for good or bad, developing any software takes time, effort, and money. With the success of the software as a service (SaaS) model, where users pay an ongoing subscription to use a company's software, a new type of business model has evolved, named ransomware-as-a-service, which is also commonly referred to as RaaS. Ransomware-as-a-service requires the cybercriminal to pay a subscription, and provides access to the latest products and a guaranteed percentage of any successful ransom payment.

In the last few years, more than 60 percent of the volume of ransomware attacks came from ransomware-as-a-service, and that share is set to grow, mainly because it requires no technical knowledge to use.