The Future of Ransomware – Noticias de seguridad

Figure 1. Timeline of ransomware changes

In our research, ransomware's history offers several insights into how long cybercriminal business models last and how they change. The timeline highlights specific turning points: shifts in the threat actors' extortion objectives, mass-market deployments that prioritized volume of returns over value per victim, law enforcement's actual and potential responses, the growth of cryptocurrency and money-laundering platforms alongside the expansion of attacks, and the skills and technical learning curves cybercriminals accumulated from other forms of cybercrime, among others. Measured against the traditional theft-and-resale cybercrime business models, this summarized history shows ransomware running in parallel with them for years and eventually overtaking them in popularity.

The gap between earlier ransomware deployments, in which users were simply threatened and files encrypted, and today's targeted attacks with multiple extortion avenues is staggering in terms of downtime, ransom demands, and recovery costs. At present, we consider the most dangerous ransomware attacks to be targeted intrusions that end with a ransomware payload. From this standpoint, ransomware actors and their business models have been anything but static. These attacks also make clear that defenses should not concentrate on the delivery and execution of the final payload, but should be placed as far left in the infection chain as possible, where the intrusion can still be detected and stopped before encryption begins.

Modern ransomware routines are built from interchangeable building blocks that threat actors swap at different points of an attack, depending on the reconnaissance they have done and the environment of the target. The main building blocks are described below.

  • Initial access

    Entry into the network can be established in multiple ways: earlier infections from mass-mailed backdoor payloads, social engineering, vulnerabilities in internet-facing servers, and access or credentials purchased in the underground, among other means.

  • Lateral movement

    Attackers move deeper into the network to reach additional systems, using either off-the-shelf or customized hacking tools.

  • Privilege escalation

    Attackers go deeper in the network for access to systems with…