Ransomware has matured significantly over the previous decade or so. Initially thought to be a relatively basic virus that could be contained on a floppy disk, it can now damage global business infrastructures, stop healthcare systems dead in their tracks, mess with fuel supply networks, and disrupt transportation infrastructure.

Its simplicity is what makes it so appealing to criminals. The attacks don’t have to be very sophisticated to cause significant harm and extort ransom payments. As a result, the frequency of these attacks is increasing at an alarming rate.

Ransomware attacks are particularly dangerous because they are continually evolving. However, the most troublesome detail about these events is that companies are willing to pay ransom in hopes of keeping their systems and processes safe from further malicious behavior, such as the criminals’ threats to publicize confidential corporate information that was stolen as part of the attacks.

But does this willingness to pay ransom really help businesses ensure the safety of their data? Or is this protection payment having the opposite effect?

How Do Ransomware Criminals Access Enterprise Data?

Recent years have seen the emergence of “ransomware as a service” (RaaS), where attackers pretend to be legal businesses. Through their registered companies, they pretend to help with IT-related issues, but that’s only a front for renting out malware and other services.

Some cybercrime gangs create helpdesks to negotiate ransom demands and royalties, aid the victim in purchasing cryptocurrency and assist them in decrypting the material stolen from them. Others use an affiliate model, in which they distribute the malware, receive the payment from their victims, and then remit a portion of the money collected to the software’s inventor.

Despite the glitzy SaaS facade of the RaaS sector, the fundamental basis of ransomware stays the same: attackers target a victim before demanding (Read more...)