IntSights, the threat intelligence company focused on enabling enterprises to Defend Forward, has released research titled The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage.
Ransomware attacks have been gaining momentum globally across industries including energy, financial services and government, and have proven to be highly disruptive to businesses and even nations. Average ransomware payments have risen by a staggering 2,500%, from US$10,000 in late 2018 to US$250,000 in Q3 2020. Fuelled by RaaS (ransomware-as-a-service) offerings available on the dark web and the anonymity of cryptocurrency, even inexperienced users can launch their own ransomware attacks and profit while remaining completely elusive.
Ransomware has moved beyond the single, operational-level challenge of taking a company offline and demanding payment to restore operations. Today it often involves both system encryption and the threat of publishing stolen data, and is capable of crippling critical infrastructure. In 2021, the outcomes of attacks have been found to be more severe. Researchers at IntSights discovered ransomware groups operating in a multichannel mode, where they auction some of the full data leaks. This means that when a company is attacked with ransomware, it is working against the clock to get back on its feet, and is also in danger of losing its data to an unknown entity, possibly without knowing what data was compromised and who else has access to it.
Other highlights include:
Emergence of a black market dedicated solely to data leaks: Collaboration between attackers and sellers, where a ransomware group can hack into an organisation, extract the information, sell it to a third party on the black market, and only at this point inform the victim.
Ransomware attacks and motivations will continue to evolve: Cyber threats will involve more than loss of functionality or physical damage. There will be more and more versions and appearances of data theft, leakage, and trade over the coming years.
Increasing involvement of law enforcement: Previously, law enforcement organisations were not heavily involved in most areas of the dark web crime landscape. However, some have recently stepped in to take down these cybercrime operations, as these attacks have sparked national interest in protecting critical infrastructure, and we might see more law enforcement organisations step in during future attacks.