The most common ransomware infection occurs when a user visits a security-compromised website. A popular method is for attackers to send a targeted and seemingly safe phishing email that contains a link to a website that hosts the ransomware code. This form of attack, also known as “social engineering,” does everything possible to look legitimate and make its message almost impossible to ignore.
The ransomware attack code is designed to target systems through one of many commonly known software or operating system vulnerabilities. Additional forms of ransomware infections are specifically focused on users with higher levels of permissions, such as administrators, to inject malicious code. Any of these can allow an attack to proceed undetected until it’s too late to prevent or proactively respond to it.
Once the code has been delivered and executed on a system, two things can happen. Locker ransomware will shut users out of the system. Crypto ransomware encrypts data using advanced mathematical encryption keys. Systems affected by a ransomware attack can see widespread damage, or specific file or system types—such as SQL databases or Microsoft Office files—can be targeted.
Where does ransomware come from? And how did ransomware become so prevalent? Ransomware got its start more than 30 years ago when, in 1989, the “AIDS” Trojan horse (or PC Cyborg Trojan) appeared. Although other forms of ransomware emerged throughout the 1990s, such as the von Solms-Naccache scenario in 1992, the impacts were limited due to the lack of interconnectivity between systems, whether business, consumer, or government.
This all changed in 2010, when the emergence of cryptocurrency like Bitcoin, smartphones, and hyperconnectivity created a perfect storm in which ransomware could thrive. Cryptocurrency allowed for better anonymity in receiving ransoms. New levels of connectivity made it easier to disperse code faster and provided access to websites such as LinkedIn to generate a precise list of targets. And all of this could now be run from an attacker’s smartphone, making the source of the attack more difficult to pinpoint.
The numbers behind the growth of ransomware attacks are startling. Just in the first half of 2021, there has been a 93% increase in ransomware attacks. These attacks are becoming more visible, as well, with notable incidents such as the DarkSide attack on Colonial Pipeline and the REvil attack on Kaseya making headlines.
The ransomware ecosystem is largely self-contained and is capable of powering itself. In other words, it has become its own unique economy, complete with innovation and investment opportunities. The resources and tools necessary for carrying out a ransomware attack have been simplified as a result, opening the formulation of these attacks to a wider, nontechnical audience.
Ransomware as a Service (RaaS) is a popular way this has been accomplished. RaaS is an adaptation of Software as a Service (SaaS). Like SaaS, RaaS is a subscription-based model that provides ransomware tools in exchange for giving the developer a portion of the proceeds. This eliminates the coding requirement for many attackers, which has been instrumental in fueling the explosion of ransomware attacks in recent years.
Attack tools used will vary. However, the growing prevalence of exploit kits such as Globe Ransom Builder introduces a new twist. These tools allow users to build a ransomware tool to suit attackers’ exact needs or to modify an existing ransomware tool. The increasing availability of these toolkits makes it certain that the market for ransomware tools will continue to heat up.
The financial windfalls to be gained by a malicious party through a ransomware attack mean this isn’t going away anytime soon. Attackers sought $70 million from Kaseya, while Colonial Pipeline paid out $5 million in Bitcoin, though the FBI was able to recover $2.3 million in Bitcoin shortly after the ransom was paid.
The potential for financial gain in the ransomware marketplace has seen an interesting trend develop where attackers have started to attack each other. These attacker-versus-attacker incidents are expected to increase as the amount of money collected through successful attacks continues to grow. This will only add to the complexity of the ransomware market.