AMEOT Reports: Understanding Ransomware Families: A Deep Dive


Ransomware has become one of the most prevalent and damaging types of cyberattacks in recent years. These malicious programs encrypt a victim's data and demand a ransom for its release. Despite efforts to combat ransomware, it continues to evolve, with new families emerging and existing ones adapting. In this blog, we’ll explore the landscape of ransomware families, their revenues, frequency and scale of attacks, longevity, and the reasons they are likely to persist.

Revenues

Ransomware has proven to be a lucrative business for cybercriminals. According to Cybersecurity Ventures, ransomware damages were predicted to cost the world $20 billion in 2021, up from $11.5 billion in 2019. This staggering growth highlights the profitability of ransomware operations.

One of the most notorious ransomware families, REvil (Sodinokibi), reportedly made over $100 million in 2020 alone. DarkSide, another infamous group, extorted $4.4 million from Colonial Pipeline in 2021, illustrating the high stakes involved.

Frequency and Scope of Attacks

Ransomware attacks are frequent and widespread. A report from SonicWall revealed that there were 304.6 million ransomware attacks in the first half of 2021, nearly surpassing the total number for 2020. These attacks target a range of sectors, from healthcare and education to critical infrastructure and government agencies.

The scale of these attacks can be massive. For instance, the WannaCry ransomware attack in 2017 affected more than 200,000 computers across 150 countries, causing billions in damages. Similarly, the NotPetya attack the same year inflicted over $10 billion in damages globally, affecting major corporations like Maersk and Merck.

Longevity of Ransomware Families

Ransomware has been around for decades, but it has evolved significantly. The first known ransomware, the AIDS Trojan (PC Cyborg), emerged in 1989. However, modern ransomware began to take shape in the mid-2000s with the advent of more sophisticated encryption techniques and anonymous payment systems like Bitcoin.

Ransomware families such as CryptoLocker (2013), Locky (2016), and Ryuk (2018) have each had significant impacts. Despite efforts to dismantle them, these families often rebrand or spawn new variants. For instance, the creators of the infamous CryptoWall ransomware have continued to release new versions under different names.

Why Ransom Attacks Will Continue

Several factors contribute to the persistence and evolution of ransomware attacks:

  1. Financial Incentives: The high profitability of ransomware ensures that cybercriminals remain motivated. The low-risk, high-reward nature of these attacks makes them appealing.
  2. Anonymity: Cryptocurrencies like Bitcoin provide a degree of anonymity that helps cybercriminals evade law enforcement. The decentralized nature of these currencies makes it difficult to track and seize ransom payments.
  3. Adaptability: Ransomware families are highly adaptable, often incorporating new techniques to bypass security measures. For example, the Ryuk ransomware uses sophisticated obfuscation techniques to avoid detection.
  4. Global Reach: The internet allows cybercriminals to target victims worldwide. This global reach means that even if efforts are successful in one region, attackers can shift their focus elsewhere.
  5. Ransomware-as-a-Service (RaaS): This model allows less technically skilled criminals to launch ransomware attacks by purchasing kits from more experienced developers. This democratization of ransomware further expands its reach.

Conclusion

Ransomware continues to be a significant threat to organizations worldwide. The high revenues, frequent and widespread attacks, adaptability of ransomware families, and the financial incentives for cybercriminals ensure that these attacks are not going away anytime soon. Organizations must invest in robust cybersecurity measures, including solutions like AMEOT Sentry, to protect themselves from these persistent threats.

For more details on how AMEOT Sentry can protect your organization and to explore tailored cybersecurity solutions, book a 30-minute call with us.

Best regards,

Andre Smith
Director of Technology, AMEOT

References:

  1. Cybersecurity Ventures. (2021). "Global Ransomware Damage Costs Predicted To Exceed $20 Billion (USD) By 2021."
  2. Cybersecurity Ventures. (2019). "Official Annual Cybercrime Report."
  3. ZDNet. (2020). "REvil ransomware gang claims $100 million profit in one year."
  4. CNN. (2021). "Colonial Pipeline CEO tells why he paid a $4.4 million ransom to hackers."
  5. SonicWall. (2021). "2021 Cyber Threat Report."
  6. BBC. (2017). "WannaCry ransomware: What we know."
  7. Wired. (2018). "The Untold Story of NotPetya, the Most Devastating Cyberattack in History."
  8. Symantec. (2015). "The Evolution of Ransomware."
  9. CrowdStrike. (2019). "Ryuk Ransomware: Analysis and Insights."
  10. Palo Alto Networks. (2021). "The Rise of Ransomware-as-a-Service."
