The Future of Ransomware

Ransomware has become a multibillion-dollar industry, but cybercriminals are now expanding to new markets and employing new techniques to maximise profits.

Ransomware has been around for decades, but cybercriminals are using it in new ways to extort money from unsuspecting victims. Broadly speaking, ransomware is malicious software that infects a system, encrypts data, and then demands a ransom for the decryption key. The victim has a choice to make: pay the ransom and receive the decryption key, or restore their data from a backup. But in an increasingly digital age, ransomware is becoming a lucrative market. Stories of companies from all over the world that have been crippled by ransomware regularly dominate the headlines.

A study by Sophos found that 51% of companies had been hit by a ransomware attack in the previous year. Cybercriminals succeeded in encrypting data in 73% of these attacks, and 26% of ransomware victims whose data was encrypted got it back by paying the ransom; more than twice as many organisations (56%) got their data back via backups. But ransomware is evolving, and cybercriminals are no longer relying on receiving ransom payments just for decrypting data. In recent years, more advanced ransomware known as doxware has appeared, which threatens to leak private information if the ransom isn’t paid, putting more pressure on victims.

The study by Sophos also found that 59% of ransomware attacks over the past year involved data stored in the cloud. While the meaning of “the cloud” that respondents used is open to interpretation, it’s clear that cybercriminals are now targeting data regardless of where it’s stored. There are several reasons why cybercriminals have started targeting cloud services. The coronavirus pandemic, which has led to many offline businesses closing, has resulted in fewer opportunities for cybercriminals. Typically, the user will receive an email that appears as though it was sent by their cloud service provider, containing a phishing link. The user then inadvertently installs a malicious app that requests permissions to access software as a service (SaaS) data such as Office 365. The malicious app will then begin encrypting data stored in the cloud.
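
Because the attack described above depends on a user granting an app permission to modify SaaS data, reviewing consent grants is a practical detection point. The following is an added example, not part of the original article: it triages app consent grants for write access to files or mail, combined with persistent access and an unverified publisher. The record layout, app names and users are constructed for illustration and do not match any real export format; the scope names are Microsoft Graph delegated permissions.

```python
# Added example: triage OAuth consent grants for the pattern described above.
# Record fields are a simplified, constructed schema, not a real export format.

# Microsoft Graph delegated scopes that allow modifying files or mail.
WRITE_SCOPES = {"Files.ReadWrite.All", "Sites.ReadWrite.All", "Mail.ReadWrite"}
PERSISTENT = "offline_access"  # lets the app keep access via refresh tokens

# Constructed sample grants (hypothetical app names and users).
SAMPLE_GRANTS = [
    {"app": "Contoso Expenses", "publisher_verified": True,
     "user": "amy@example.com", "scopes": "User.Read Files.Read"},
    {"app": "Storage Upgrade Tool", "publisher_verified": False,
     "user": "bob@example.com",
     "scopes": "User.Read Files.ReadWrite.All offline_access"},
    {"app": "Mail Helper", "publisher_verified": False,
     "user": "cat@example.com", "scopes": "Mail.ReadWrite"},
    {"app": "Backup Suite", "publisher_verified": True,
     "user": "dan@example.com", "scopes": "files.readwrite.all OFFLINE_ACCESS"},
]


def assess(grant):
    """Return (severity, reasons) for one consent grant."""
    scopes = {s.lower() for s in grant.get("scopes", "").split()}
    risky = sorted(s for s in WRITE_SCOPES if s.lower() in scopes)
    reasons = []
    if risky:
        reasons.append("write access: " + ", ".join(risky))
    if PERSISTENT in scopes:
        reasons.append("persistent access (offline_access)")
    if not grant.get("publisher_verified", False):
        reasons.append("unverified publisher")
    # Write access is the prerequisite for encrypting cloud data; the other
    # signals only raise severity when it is present.
    if not risky:
        return "low", reasons
    return ("high" if len(reasons) == 3 else "medium"), reasons


def triage(grants):
    """Return grants worth reviewing, highest severity first."""
    rank = {"high": 0, "medium": 1}
    hits = [(g["app"], g["user"], *assess(g)) for g in grants]
    return sorted((h for h in hits if h[2] in rank), key=lambda h: rank[h[2]])


if __name__ == "__main__":
    for app, user, severity, reasons in triage(SAMPLE_GRANTS):
        print(f"[{severity}] {app} (consented by {user}): {'; '.join(reasons)}")
```
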