Discover How Ransomware Gangs are Making So Much Money
Unveiling the dark secrets inside the lucrative world of Ransomware Gangs
Ransomware, a type of malicious software designed to block access to a computer system or files until a sum of money is paid, has become a pervasive threat in today’s digital landscape. In recent years, ransomware attacks have surged, causing significant financial losses and disruptions across various sectors.
In 2023, while businesses battled financial hardships, ransomware gangs thrived, capitalizing on vulnerabilities with ruthless efficiency. This stark dichotomy highlights the alarming rise of cybercrime, where attackers grow bolder and victims suffer.
Throughout 2023, ransomware tactics escalated dramatically, with hackers resorting to more aggressive methods to demand hefty ransoms. The absence of government regulations against payments only emboldened these criminals, making 2023 a landmark year for their illicit activities.
Let’s explore the key reasons why ransomware gangs are making so much money despite ransomware being a cybercrime.
1. Big Cybercrime Business
Ransomware gangs cashed in big in 2023, with known payments nearly doubling to a staggering $1.1 billion, according to crypto forensics firm Chainalysis. This figure marks a “major comeback” for ransomware and sets a new record high. However, Chainalysis warns the actual number is likely much higher due to unreported transactions.
There’s a potential silver lining, though. Despite the banner year for cybercriminals, some experts observed a decrease in payments towards the end of 2023. This trend is attributed to improved cyber defenses and increased skepticism among victims, who are less likely to trust hacker promises of data recovery.
As ransomware remediation company Coveware notes, “better guidance for victims” has ultimately led to “fewer payments for intangible assurances.”
2. Adapting Ransomware
Ransomware gangs are facing resistance! More victims are refusing to pay, but these criminals are adapting. They’re targeting more people, like in the massive MOVEit attack.
Here’s how it worked:
- Hackers linked to Russia exploited a previously unknown vulnerability in MOVEit software to steal data from over 2,700 companies.
- Many victims paid to keep their data private.
- This single campaign brought in over $100 million, nearly half of all ransomware payments in those months!
But there’s another side:
- Casino giant Caesars paid $15 million to hackers, hoping to stay quiet.
- Hotel giant MGM refused to pay, and hackers leaked customer data (names, Social Security numbers, passports!).
- This attack cost MGM $100 million to recover from and made headlines for weeks.
The point?
- Even if victims refuse to pay, hackers can still make millions by targeting more people.
- Companies like Caesars might seem unaffected, but they still face risks.
- MGM’s case shows how refusing to pay can lead to data leaks and major costs.
So, ransomware is a serious threat, even if victims are fighting back.
3. More Threats
As fewer victims pay ransoms, cybercriminals are getting desperate. Organizations like Caesars might see paying up as a quick escape from bad publicity, but it’s setting a dangerous precedent. Here’s how things are escalating:
- “Swatting” Hospitals: Imagine a cancer hospital facing an armed police response due to a fake emergency call orchestrated by hackers trying to extort money. In December, this chilling scenario almost became a reality.
- Weaponizing Disclosure Rules: Ransomware gangs are exploiting new regulations. The notorious Alphv gang threatened to expose a data breach they claim victim MeridianLink hid, adding pressure to their ransom demand.
These tactics highlight the evolving threat landscape. Ransomware actors are willing to endanger lives and manipulate regulations to get what they want.
4. Not Banning Ransom Payments
Another factor contributing to the profitability of ransomware is that, although paying is not recommended, organizations can still choose to pay the ransom, unless the hackers have been sanctioned.
The decision to pay the ransom is a contentious topic. Coveware, a ransomware remediation firm, proposes that if a ban on ransom payments were implemented in the U.S. or other heavily targeted nations, companies might cease reporting such incidents to authorities, undoing previous collaboration between victims and law enforcement agencies.
Additionally, the company anticipates that a ban on ransom payments would result in the rapid emergence of a sizable illicit market to facilitate such transactions overnight.
On the other hand, some argue that implementing a comprehensive ban is the only effective method to prevent ransomware hackers from profiting — at least in the immediate future.
Allan Liska, a threat intelligence analyst at Recorded Future, has been a vocal opponent of banning ransom payments for quite some time.
However, he now acknowledges that as long as ransom payments remain legal, cybercriminals will continue to exploit every opportunity to extort victims.
Ransomware attacks are escalating not only in frequency but also in their aggressive tactics and the sophistication of the groups orchestrating them.
“A ban on ransom payments will certainly pose challenges and, drawing from past incidents, might initially lead to a spike in ransomware attacks. Nevertheless, it seems that this is the only viable solution with the prospect of long-term success at this point,” commented Liska.
While an increasing number of victims are recognizing that succumbing to hackers’ demands doesn’t ensure the security of their data, it’s evident that these financially incentivized cybercriminals have no intentions of abandoning their extravagant lifestyles anytime soon. Until then, ransomware attacks will persist as a lucrative venture for the perpetrators.
Mitigating the Threats
While bolstering traditional defenses like firewalls and intrusion detection systems is crucial, mitigating the ever-evolving threat of ransomware requires a multi-layered approach. Here’s how organizations can go beyond basic cybersecurity and build a resilient fortress:
Proactive Defense is Key:
- Vulnerability Management: Patching vulnerabilities isn’t a one-time event. Implement automated solutions for continuous scanning and patching to close windows of opportunity for attackers.
- Threat Intelligence: Stay ahead of the curve by subscribing to threat intelligence feeds and conducting threat modeling exercises to identify potential attack vectors and prioritize mitigation efforts.
- Network Segmentation: Divide your network into smaller segments with restricted access control, minimizing the potential impact of a breach if it occurs.
Empowering People is Your Best Firewall:
- Security Awareness Training: Make cybersecurity training a continuous process, not a one-off event. Train employees to identify phishing attempts, suspicious emails, and social engineering tactics to become your human firewalls.
- Phishing Simulations: Regularly conduct simulated phishing attacks to assess employee awareness and identify areas for improvement.
- Least Privilege Access: Implement the principle of least privilege, granting users only the access they need to perform their tasks, which minimizes the damage caused by compromised accounts.
Data Backup and Recovery is Your Safety Net:
- Regular Backups: Implement an automated system for regular backups of critical data, stored offline and encrypted to ensure they remain inaccessible to attackers.
- Test Your Backups: Regularly test your backup and recovery procedures to ensure they function properly and that data can be restored quickly in case of an attack.
- Incident Response Plan: Develop a comprehensive incident response plan outlining clear steps for detecting, containing, and recovering from ransomware attacks, minimizing downtime and data loss.
Beyond Technology: Collaborative Defense:
- Information Sharing: Collaborate with industry peers and security organizations to share threat intelligence, best practices, and lessons learned, strengthening the collective defense against ransomware.
- Reporting to Authorities: Report ransomware attacks to law enforcement to help them track and disrupt criminal activities.
- Stay Informed: Stay updated on the latest ransomware trends and tactics by subscribing to security publications and attending industry events.
Navigating Future Trends
The ransomware landscape is a dynamic battleground, and attackers are constantly innovating their tactics. Here we look into some key trends that can be expected in the future:
- Supply Chain Attacks: Expect to see an increase in attacks targeting software supply chains, exploiting vulnerabilities in widely used applications and libraries to gain access to multiple organizations simultaneously.
- Ransomware-as-a-Service (RaaS): RaaS models, where pre-built ransomware tools and infrastructure are readily available for rent, are likely to become more sophisticated and accessible, lowering the barrier to entry for low-skilled attackers.
- Ransomware Targeting Operational Technology (OT): Attacks against critical infrastructure and industrial control systems, motivated by disruption and ransom demands, are on the rise.
- Multi-pronged Extortion: Beyond data encryption and exfiltration, expect attackers to leverage stolen data for further extortion attempts, such as threatening to damage brand reputation, leak sensitive information, or manipulate financial markets.
- AI-powered Attacks and Defenses: Both attackers and defenders are likely to adopt artificial intelligence (AI) to automate tasks, analyze data, and improve attack and defense strategies.