Cybereason, the XDR company, has published a new report, titled RansomOps: Inside Complex Ransomware Operations and the Ransomware Economy, which examines how ransomware attacks have evolved from a cottage industry less than 10 years ago into a multi-billion dollar business today. With increasing sophistication behind RansomOps attacks, ransomware syndicates are reaping the benefits with record profits, making it open season on public and private sector organizations of all sizes.
Early ransomware attackers relied on “spray-and-pray” tactics to target mostly individuals where ransom demands were relatively small compared to multi-million dollar demands that became more frequent in 2020-2021. With the emergence of RansomOps that are complex and akin to the stealthy operations conducted by nation-state threat actors, ransomware attacks have become harder to defend against for most organizations, and emboldened threat actors have driven up their ransom demands as more and more organizations choose to pay.
“Ransomware gangs have made a strategic shift to targeted attacks against organizations that have the ability to pay multi-million dollar ransom demands, fueling the rise in attacks in 2021. No two RansomOps attacks garnered more publicity last year than those on Colonial Pipeline and JBS Foods. Unfortunately, ransom demands have increased this year and critical infrastructure operators, hospitals and banks have targets on their backs,” said Lior Div, Cybereason CEO and Co-founder.
To Pay or Not to Pay
A previous Cybereason report, titled Ransomware: The True Cost to Business, revealed that 80 percent of organizations that paid a ransom were hit a second time, many times by the same threat actors. Instead of paying, organizations should focus on early detection and prevention strategies to end ransomware attacks at the earliest stages before critical systems and data are put in jeopardy. There are a variety of other reasons for not paying, including:
–NO GUARANTEES OF RETRIEVING DATA: Paying the ransom doesn’t mean that you will regain access to your encrypted data. The decryption utilities provided by those responsible for the attack sometimes simply don’t work properly. In the case of Colonial Pipeline in 2021, the company paid a $4.4 million ransom, received faulty decryption keys from the DarkSide Group and had to activate their backups to restore systems.
–LEGAL IMPLICATIONS: Organizations could end of paying steep fines from the U.S. government for paying ransomware actors that sponsor terrorism. In addition, supply chain ransomware attacks that impact an organization’s customers or partners would result in lawsuits from the impacted organizations.
–INCENTIVIZING RANSOMWARE ATTACKS: Organizations who pay ransomware attackers send the message that the attacks work and it continues to fuel more attacks and higher ransom demands. Like Cybereason, the FBI advises that organizations refrain from paying ransoms because it simply emboldens malicious actors by telling them that extortion works.