Ransomware groups collectively earned $692 million in 2020, about 380 per cent more than the combined total of $144 million they earned in 2013-19, a new report by Tenable, a cyber exposure company has revealed.
The ‘Ransomware Ecosystem’ report also mentioned how almost 38 per cent of all data breaches in 2021 were directly as a result of ransomware attacks. Of this, the healthcare sector alone accounted for 36.2 per cent of all the security breaches. This was closely followed by the education sector, which represented 24.7 per cent of all data breaches.
Tenable’s security response team also noted that when directly compared to ransomware attacks of 2020, the 2021 figures were up by at least 3 per cent. Ransomware accounted for 35 per cent of all data breaches in 2020, the report said.
Satnam Narang, senior staff research engineer, Tenable said: “With RaaS and double extortion, a Pandora’s Box has been opened, and attackers are finding holes in our current defences and profiting from them. In 2021, double extortion ransomware increased by 117 per cent globally. While ransomware groups get the most notoriety and attention for attacks, these groups come and go. In spite of the turnover, affiliates and IABs remain prominent fixtures in this space and more attention should be given to these two groups in the ransomware ecosystem.”
Read below to find out how ransomware attacks were executed and how much criminals earned by extorting users with ransomware attacks.
Tenable’s security researchers found out that one of the main reasons for these kinds of cyberattacks prospering is because they have adopted it as a service.
Ransomware-as-a-service (RaaS) has been effective at lowering the entry barrier, and thus, allowed cyber criminals with little to minimal technical knowledge in certain domains to commoditize ransomware attacks i.e., distribute the scale and scope of attacks among different criminals with each having expertise in a particular domain.
According to the report, “ransomware has become its own self-sustaining industry.”
“Previously, attacks were perpetrated by the same ransomware groups that developed and propagated the malware, but the advent of RaaS has attracted multiple players, where each has a vital role, making up what we refer to as the ransomware ecosystem,” the report said.
The report said that in 2020 alone, ransomware groups collectively earned $692 million, about 380 per cent more than what they earned in the six previous year.
JBS group, the world’s largest meat processing company, suffered a ransomware attack in June 2021 and paid $11 million to the attackers.
“At the time of payment, the vast majority of the company’s facilities were operational. In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated,” a media report quoted the company as saying.
The report noted that RaaS type ransomware attacks were successful mainly because of two other players who play quite a prominent role in the entire ransomware ecosystem. They are affiliates and initial access brokers (IABs), who often times, play a bigger role in the attacks than the designer of the ransomware virus.
Affiliates: Affiliates earn about 70-90 per cent of the ransom payment, and they are tasked with the primary work of gaining access through the host’s network. They do this by using methods like spear phishing and brute force attacks on remote desktop protocol (RDP), thus exploiting unpatched or day-zero vulnerabilities, or, by purchasing stolen credentials on the dark web.
“For a ransomware group to succeed, they need to recruit affiliates to conduct attacks and provide a steady stream of ‘customers’ (victims). So it’s no surprise that ransomware groups are also very generous when courting affiliates. When you consider how many ransomware groups are operating today, it makes sense that groups need to be aggressive in order to recruit affiliates,” the report said.
Initial Access Brokers (IAB): They are a specialised group of cybercriminals who are responsible for gaining access to organisations through multiple means and methods. There are multiple individuals and groups dedicated for this sole purpose of gaining access to the host’s systems. When they get access to the system, they then sell it to other individuals or groups in the cybercrime ecosystem. Their fees range from $303 for control panel access to as high as $9,874 for RDP access.
Double Extortion: Tenable’s researchers found that the current dominant ransomware attack technique is ‘Double Extortion’. The report said that this tactic was pioneered by the ‘Maze ransomware group’.
This attack technique involves attackers stealing sensitive data from victims and then threatening them to pay the ransom, or else the data will be published on the Web. At the same time, these attackers encrypt the data on the victim’s computer systems so that the victim cannot access it.
DDoS: Distributed Denial of Service (DDoS) is a type of attack which involves sending so many requests to a company’s website that a situation of overload persists, and the system fails to honour any request.
Thus, in a DDoS type of ransomware attack, the company’s website is targeted, and this impacts their ability to service customers, and also hinders their ability to provide access to customers. This creates a situation of panic among customers, and thereby adds up to the pressure built upon the company’s management to pay up the ransom.
“These tactics are part of the ransomware gangs’ arsenal as a way to place additional pressure on victim organisations,” the report further said.
