Inside complex RansomOps and the ransomware economy

By Brandon Rochat, Cybereason Sales Director, Africa
Brandon Rochat, Cybereason Sales Director, Africa.
Brandon Rochat, Cybereason Sales Director, Africa.

Ransomware operations have transformed dramatically over the last few years, from a small cottage industry conducting largely nuisance attacks to a highly complex business model that is extremely efficient and specialised with an increasing level of innovation and technical sophistication.

According to recent reports, the global volume of ransomware operations reached 304.7 million attacks in the first half of 2021 – a year-over-year increase of 151%, and 100k+ more attack attempts than in all of 2020.

Research by Cybersecurity Ventures estimated a ransomware attack occurs about every 11 seconds. That translates to about 3 million ransomware attacks over a year.

In 2021, the average ransom payment was $570 000, a 518% increase from 2020. For perspective, this average is relatively low compared to recent ransom demands that have hit as high as $50 million or more.

Several factors have contributed to the maturation of ransomware operations, resulting in a significant surge in ransomware attacks with record-breaking ransom payouts.

Ransomware purveyors are moving away from high-volume attacks with low ransom demands in favour of more focused, custom attacks aimed at individual organisations selected for the ability to pay multimillion-dollar ransom demands.

These more complex ransomware operations, or RansomOps, involve highly targeted, complex attack sequences by sophisticated threat actors.

The burgeoning ransomware as a service (RaaS) industry has also lowered the technical bar for many would-be attackers by making complex attack infrastructure available to low-skilled threat actors.

Ransomware is an extremely lucrative business model with little to no risk involved for the threat actors. Couple this with the willingness of most victim organisations to pay the ransom demand swiftly under the assumption it will return business operations to normal, and we have a big problem with no easy remedies.

This has created a gold rush in the cyber crime world, spawning an ecosystem of technologies and services that support these illicit operations, creating a larger ransomware economy that flourishes much like any legitimate emerging market sector.

This white paper examines the growing threat from complex RansomOps, as well as the larger ransomware economy, and provides prescriptive guidance for organisations determined to remain undefeated by ransomware attacks.

Download the full RansomOps white paper here.

Share