Ransomware is big business, and business is certainly booming for cyber criminals.

It’s becoming all too frequent to hear of the next large corporation to be hit with a ransomware attack, taking down services and putting the personal data of millions of customers at the mercy of the now highly organised, effective and increasingly ‘business-like’ criminal ransomware groups.

It is not just down to luck, or natural progression and growth, that these groups are now able to successfully implement attacks against large, successful and (you may think) well-protected businesses. Put simply, it’s just down to good, albeit criminal, business.

More and more ransomware victims are choosing to pay the ransom to get their businesses back up and running, and in doing so they are filling the coffers of criminal organisations and effectively bankrolling subsequent attacks. More money means more resources to re-invest in the business of ransomware: building better tools, more sophisticated and nuanced delivery methods and more intelligent and dynamic payloads. Ultimately this then leads to more successful attacks and more ransom money in the bank, which leads to better tools... it’s one hell of a business model.

You don’t need to look far for examples of this evolution in action. Take these incidents from the past year alone:

  • On New Year’s Eve 2019 foreign currency giant Travelex was crippled by REvil ransomware, with the responsible group adding blackmail to the mix by threatening to release the encrypted data into the public domain if payment terms were not met. Travelex reportedly paid $2.3 million to end the attack, but the effects on the business have been long-lasting and they have still not fully recovered to this day.
  • More recently, in July this year, US travel company CWT suffered an attack of Ragnar Locker ransomware, deployed by a ransomware group with a surprisingly customer service-focused offering. A representative from the group engaged in an online chat with CWT execs to negotiate payment, and CWT ended up paying the bargain price of $4.3 million to decrypt their data and, again, prevent the group from releasing the stolen files (initially the request was for $10 million, however CWT were given a discount for responding quickly).
  • Own a Garmin device? Then I’m sure you’ll be aware of the breach that affected Garmin services for days, also in July this year. Garmin were infected by WastedLocker, a strain of ransomware largely believed to be attributable to ‘Evil Corp’, a Russian cyber crime group that was hit with US Treasury sanctions in December 2019 for affiliation with a Russian Intelligence operation to steal classified US Government documents. Apparently unperturbed by the risk of falling foul of the sanctions, it is widely reported that Garmin enlisted a third party to engage with the criminal gang, allegedly paying a multi-million dollar ransom to get control of their
