Ransomware is becoming a huge problem. In fact, according to a detailed report published by cybersecurity firm Sophos, cryptocurrency was involved in approximately 79 percent of the world’s ransomware incidents over the past 18 months. At the top of the list were the Conti and REvil ransomware attacks.
Ransomware Is Changing for the Worse
Sophos also believes that so long as cryptocurrency exists, it will likely be at the center of several other attacks in the future.
Ransomware is a process in which a hacker or group of hackers overtakes the computer network of a company or enterprise. They encrypt the data within that network to ensure nobody can gain access to it. They hold the data hostage and ask that a ransom be paid if they wish to get their information back.
One of the most notable examples of ransomware as of late occurred earlier in the year when the Colonial Pipeline was compromised. To bring it back up to speed, a ransom was requested, though the Federal Bureau of Investigation later managed to intercept the funds.
Sophos feels that so long as the crypto space goes unregulated, these kinds of ransomware attacks are likely to continue. In the coming year, the firm believes that these attacks will be both modular and uniform, and that hacking groups will likely offer their services to outside parties, thereby increasing risks to companies across the globe.
Chester Wisniewski – principal research scientist at Sophos – said in an interview:
Ransomware thrives because of its ability to adapt and innovate. For instance, while RaaS offerings are not new, in previous years their main contribution was to bring ransomware within the reach of lower-skilled or less well-funded attackers. This has changed and, in 2021, RaaS developers are investing their time and energy in creating sophisticated code and determining how best to extract the largest payments from victims, insurance companies, and negotiators. It is no longer enough for organizations to assume they’re safe by simply monitoring security tools and ensuring they are detecting malicious code. Certain combinations of detections or even warnings are the modern equivalent of a burglar breaking a flower vase while climbing in through the back window. Defenders must investigate alerts, even ones which in the past may have been insignificant, as these common intrusions have blossomed into the foothold necessary to take control of entire networks.
How the World of Data Encryption Adapts
Not long ago, an anonymous individual at Conti ransomware leaked the step-by-step guide that the organization uses when deploying the malicious code that often compromises known networks and firms. Some of the most common forms of ransom-based malware are what are known as loaders and droppers, and they have become increasingly advanced over time.
Sophos also talked about a new ransomware model called Gootloader, which targets individuals while also establishing mass attacks on organizations.
