The number of different kinds of ransomware has doubled this year, new research suggests, as cyber criminals look to cash in on a boom in extortion attacks.
Ransomware has become one of the most significant cybersecurity issues facing the world today, as cyber criminals breach networks and encrypt files and servers, demanding a ransom payment – often of millions of dollars and requested in Bitcoin – in exchange for the decryption key.
And no sector is safe from attacks, with cyber criminals targeting critical infrastructure, hospitals and more. In many cases, the victims will give in and pay the ransom demand in order to restore the network.
The continued success of ransomware means more cyber criminals want to get in on the action – and according to a report by cybersecurity researchers at Fortinet, that’s led to the number of ransomware variants doubling this year.
Analysis of ransomware during the first six months of this year uncovered 10,666 ransomware variants, compared with 5,400 during the second half of 2021 – a twofold increase in the kinds of ransomware in existence.
According to the report, one of the biggest drivers of this is the rise of ransomware-as-a-service (RaaS). Sold on the dark web, these subscription services are designed to allow even novice or low-skilled cyber criminals to get involved with ransomware, with many coming with how-to guides and support from the author.
Often, the authors of the ransomware will take a cut of the profits made from extorting ransom demands – and some ransomware operations become more successful and more notorious than others.
For example, the report details the success of the Conti ransomware gang, which started out in 2020 and used a variety of methods to infiltrate networks including phishing emails, as well as exploiting security loopholes in remote desktop protocol (RDP) and other cloud services.
However, as of June this year, following an incident in which its internal chat logs were leaked, the group apparently shut down.
But it’s unlikely those behind Conti have just retired: the individuals working on the ransomware have likely found their way into other ransomware operations, perhaps even lending their skills to help develop new ransomware variants.
This, combined with the continued success of ransomware attacks, means that it will remain a cybersecurity issue for the foreseeable future.
“Ransomware, exploitation, and attacks on the supply chain will continue to dominate headlines due to their notoriety and disruptive nature, so we shouldn’t expect them to disappear anytime soon,” warned the Fortinet report.
One of the key reasons ransomware continues to be successful is that victims feel they’ve got no choice but to pay the ransom – something which cybersecurity agencies have warned only encourages further ransomware attacks. But there are steps organisations can take to help avoid falling victim to ransomware in the first place.
Many ransomware attacks are a result of cyber criminals finding their way into the network via unpatched security vulnerabilities, so applying security updates shortly after they’re released can go a long way to closing potential holes in a network.
Cyber criminals are also exploiting the increased use of cloud services as a result of the rise of hybrid and remote working, which means if they can steal usernames and passwords, they can access the network as if they were the legitimate user.
Providing users with multi-factor authentication (MFA) can help prevent attackers from exploiting stolen passwords – according to law enforcement, ransomware hackers who are blocked by MFA will just give up, as it’s not worth the effort to break through.
Organisations should also regularly make offline backups of their files and servers, so in the worst-case scenario of a successful ransomware attack, it’s possible to restore the network without paying the crooks.