The state of ransomware: Faster, smarter, and meaner
March 25, 2024 – Published on CSO Online
The ransomware business hit record highs in 2023 despite falling payment rates, as attackers scaled up the number of attacks and new AI weapons were brought to bear on both sides of the war — promising to make an even bigger impact this year.
Ransomware payments hit $1.1 billion in 2023, a record high and twice what they were in 2022. The frequency, scope and volume of attacks were all up, as was the number of independent groups conducting the attacks.
Every cybersecurity expert expects ransomware attacks to continue to grow as threat actors scale up their operations while enterprises continue to beef up their defenses. But one segment of the cybercriminal economy that might be in for a change is that of ransomware-as-a-service providers.
The way these systems can work is that the provider creates the ransomware toolset, and individual affiliates send out the phishing emails and negotiate the ransoms. There’s a degree of isolation between the two groups to create resiliency and insulation from law enforcement. But authorities have recently indicated that they will be going after the affiliates. Plus, the affiliates themselves have turned out to be a security risk for the central ransomware provider.
“With the takedown of LockBit, there’s going to be a lot of consideration by cybercriminals to be more hesitant about the affiliate-based system,” says Drew Schmitt, practice lead in the GRIT threat intelligence unit at GuidePoint Security.
And sharing money with affiliates also cuts into the profits of the central ransomware group. “If they could use generative AI for negotiations, they could expand their efficiency,” Schmitt says. That would leave just the core group of ransomware operators and no affiliates, lowering total operational costs for the threat actors. “That’s something that we’re looking at.”
Read More HERE.