There are few guarantees in the IT industry, but one certainty is that as the world moves into 2022, ransomware will continue to be a primary cyber threat.
The dangers of ransomware have risen sharply since WannaCry and NotPetya first appeared in 2017, and this year has been no different. A pair of recent reports underscore just how important this threat is.
The Global Threat Landscape Report released in August by FortiGuard, Fortinet’s threat intelligence unit, found that the weekly average of ransomware incidents over the past 12 months has increased 10.7 times. In Fortinet’s Global State of Ransomware Report in September, two-thirds of companies surveyed had been victims of ransomware attacks and 85% said they were more concerned about ransomware than any other cyber threat.
The sharp increase in ransomware attacks can be attributed to many reasons, from the low level of cyber hygiene at some companies, to insufficient training and education of employees and issues with patch management, according to Derek Manky, head of operations, security information and global threat alliances for Fortinet’s FortiGuard Laboratories. Cyber criminals don’t have to work too hard to get into these systems. When they do, the payoff can be huge, especially as attackers turn to big business.
Cryptocurrency Fuels Ransomware
One constant in all of this will be cryptocurrency, the coin of the realm when it comes to ransomware. The big payouts, the tendency of most victims to pay the ransom demand, and the money to be made by selling or renting their malware in the growing ransomware-as-a-service (RaaS) market are all draws for attackers.
The driving force behind this is cryptocurrencies, which have become the mode of payment for ransoms and create the financial foundation for the rapidly evolving ransomware market, the meteoric rise in incidents and the growing number of bad actors engaging in it, Manky told eSecurity Planet.
“There is no doubt that we are seeing a parallel increase here,” he said. “It’s because of the cash cow. Cryptocurrency is really fueling this in a way. … If you were to take the cryptocurrency out of that, they don’t have a convenient digital platform. They’re going to have to go back to the drawing board. In fact, it makes their operations more expensive, as they have to try to be innovative and have more groundwork themselves in the field, like any business would if it didn’t have a platform.”
Crypto enables the ‘vicious circle’
To make matters worse, ransomware is a “vicious cycle,” Manky said.
“Once you have that lower security state and attackers get into systems, they force companies to pay the ransom,” he said. “When they pay the ransom using cryptocurrency, it encourages cybercriminals. It makes their pockets deeper. They don’t have to go to great lengths to reap the benefits like they do today.”
The use of cryptocurrencies like Bitcoin, Ethereum, and a myriad of others dates back to the days of e-gold, another digital currency launched in the 1990s that included the use of online accounts. The use of e-gold peaked in the mid-2000s before being suspended in 2009 for legal reasons. As cybercrime became more about monetization, cybercriminals began to leverage the currency for money laundering, fraud and other schemes, he said.
Between the demise of e-gold and the rise of cryptocurrency, bad actors used a number of different means to move money, including gift cards. They would steal credit cards to buy gift cards, then cash them out and sell them to other people, Manky said.
“New form of crypto-jacking”
The rise of cryptocurrency has had a ripple effect throughout the cybercriminal world, Manky said. When it first entered the scene, the main targets of the threat actors were the cryptocurrency exchanges themselves. The payoffs for the hackers were significant; when they hit an exchange, they had access to hundreds of cryptocurrency wallets. However, the exchanges started to tighten their security, which made the attacks more expensive, so the cybercriminals changed their tactics and started targeting more and more users.
“Instead of robbing a bank, they are addressing the victims themselves,” Manky said.
For the past five years, there has been crypto mining, where malicious actors infect systems with malware that exploits processors to mine for coins, essentially by outsourcing the power of stolen processors. More recently, there has been crypto-jacking, where hackers directly enter a user’s wallet and steal their coins.
It also changed the attack vector and opened up end users to bigger threats. Attackers are no longer chasing a single target, he said. They can enter a system to steal digital wallets, but once a system is compromised, it is open to further attacks.
“It’s a new form of crypto-jacking, basically, but these are still versatile in a way, because in order to install this malware they need what we call a ‘loader’,” he said. “They need a channel in this system. They do it by leveraging cyber hygiene practices, social engineering, all of those things that we’re talking about. … But once they infect these systems, they are compromised, and often we see a lot of secondary attacks happening. It’s just more and more volume and angles of attack.”
Cryptocurrency allows cybercriminals to get rich beyond what was previously possible. Not only can they be paid more for their actions, but the nature of the payments allows them to add more layers to their operations, making it more difficult to track payments. It works like cash in many ways, which facilitates the concealment and laundering of the payment.
“They can actually print their own money,” he said. “They can print cryptocurrencies on a piece of paper. All it is is a big hash address, some cryptographic algorithm, and they can forward it that way. They can transfer it to a USB stick. They can physically transfer it to a piece of paper and put it in a briefcase and give it to someone else. Once they have that and the real keys, the money is theirs. It is literally about physically transferring a wallet to a wallet.”
And they have a choice of several coins. They can be paid in Bitcoin and launder the payment when switching to Ethereum or other exchanges. This complicates the task of investigators: “You don’t have just one play to follow,” Manky said, adding that bad actors “can do another 100.”
More sophisticated cybercriminals
The profits that threat actors reap help fuel the rise of a more sophisticated and well-armed hacker, able to gain greater expertise on the backend, so that they have the capacity to launch more significant and more complex attacks.
“We are now seeing cybercriminals fall between what used to be attacks by nation states and the capacity of nation states in terms of sophistication – like zero days and that sort of thing – which are now also the realm of cybercriminals,” he said.
More money leads to more sophisticated operations and methods – think ransomware-as-a-service (RaaS) – and this leads not only to more sophisticated campaigns, but also to more attackers. With RaaS offered by highly sophisticated groups, less skilled people can take advantage of these services to launch attacks.
All of these cryptocurrency-fueled trends – including the greater sophistication of cybercriminals driven by massive profits, the promise of earnings, and the growing number of malicious actors who can launch attacks – have helped fuel the growing global problem of ransomware.
Breaking the cryptographic link
US lawmakers, who this year have become more involved in the issue of ransomware as critical infrastructure has been targeted – including energy systems, as seen in the attack on Colonial Pipeline, and the food supply, via the campaign against global meat processor JBS – also see the connection between ransomware and cryptocurrency.
In October, several senators and representatives sent a letter to the departments of Justice, State and Homeland Security urging them to address – among other things – the role of cryptocurrencies in the rise of ransomware attacks, noting the anonymity that digital currencies give attackers.
It’s important that businesses understand this connection as well, Manky said. One key is prevention and protections – like backing up data – because once ransomware is in a system, it leaves many businesses with few options other than to pay in cryptocurrency. The exchanges have safeguards in place, which has increased the cost for cybercriminals to attack the exchanges. Given the increasingly distributed nature of IT, it’s important that businesses view prevention and resiliency in the same way.
“If we don’t… it’s going to be very dark,” Manky said. “It will continue to fund these cybercriminals. Their pockets will widen. Their abilities will become more sophisticated. They have their own businesses and like any business as it grows they add more and more people, partners. In the 90s, it was one person. Then it was a handful of people. Now we see 50, 100 people with partners, maybe thousands in some of these organizations. It’s a big problem.”