Ransomware has become a successful service-based business model. What follows is diversification, innovation, and growth, warns BNP Paribas Group Head of Cyber Risk Intelligence Jules Pagna Disso
When AIDS researcher Joseph Popp sent 20,000 floppy disks infected with rudimentary ransomware to international colleagues by mail, he probably didn’t know that he was inventing a new genre of cybercrime.
Of course, ransomware has become significantly more complex since 1989. Today, criminal gangs have taken on the structure of corporate businesses, offering their ransomware for hire. In a perversion of a common business acronym, this is now known as ‘ransomware as a service’ (RaaS).
Sadly, these enterprising criminals have been extraordinarily successful. An affiliate of the notorious Russian-speaking cybercriminal organization known as REvil recently demanded more than USD 11 million after a successful attack on a Brazil-based meat processing plant.
Ahead of Corinium’s upcoming in-person event CISO London, we spoke to BNP Paribas’ Group Head of Cyber Risk Intelligence Jules Pagna Disso about the spike in ransomware attacks since the onset of the pandemic and what the future holds for ransomware.
Modern ransomware is efficient and sophisticated
While ransomware has been around for more than 30 years, it has become an increasingly serious problem for large-scale businesses over the last decade.
The internet, of course, has had a huge impact. But other factors have influenced the growth of ransomware, like the greater potential for return on investment compared to larger-scale cyberattacks.
“It’s not that easy to learn your way around a computer system, learn to navigate it and get to the controls. But it is a lot easier if you find one vulnerability, exploit it and then try to get the most out of it,” says Pagna Disso. “So, there is more return in executing a ransomware attack than trying to execute a full-length attack.”
Cybercriminals have also stepped up phishing campaigns and brute-force password-spraying attacks during the pandemic to try to gain access to their ‘holy grail’ – the administrator account.
“A lot more people have been working from home [in the pandemic]. And that gave cybercriminals potential access to a lot of administrator accounts,” says Pagna Disso.
He continues: “If you have a remote session of an administrator there is nothing else you really need to do. You can use the same privileges to broadcast your malicious file across the whole domain, just as if you were pushing an update.”
To Pay or Not to Pay
Businesses that fall victim to a successful ransomware attack can find themselves in an almost impossible situation. Pay, and tacitly support a criminal enterprise. Or don’t pay, and suffer the consequences.
For some businesses, losing access to their data and their systems may pose an existential threat. As a result, many cybercriminals do ultimately succeed in extracting payments.
However, such payments create profit for cybercriminals. This creates an incentive to scale up operations and diversify, much as a legal business would.
“Putting large payments into the hands of a criminal group really empowers them to expand at a very large scale and very rapidly, which is a big problem,” Pagna Disso says.
The lesson for businesses, Pagna Disso believes, is to invest in cybersecurity tools and processes to avoid having to make that extremely tough decision.
“I think companies could be a bit more responsible in that regard,” he says. “You could spend less than [the ransom] to protect themselves from ransomware, or at least to significantly reduce the risk.”