
What lies ahead for ransomware and how organisations should respond

With ransomware constantly evolving, it is essential for organisations to anticipate its next direction and adapt accordingly, considering three possible scenarios

In one of the more unexpected stories of recent months, ransomware operations are suffering the same fate as many ‘above board’ tech companies: layoffs are reportedly rippling through organised crime groups. Despite ransomware’s reign of terror in recent years, nothing stays the same forever in such a fast-growing industry. Answerable to no shareholders, ransomware groups are experiencing a new volatility that could change the course of the entire underground economy.

One thing is certain: ransomware is changing. Where will it go next?

Here are three potential outlooks for the industry – and how organisations can be prepared for them all.

1. Strong cybersecurity awareness could burst ransomware’s bubble

Recent years have seen a stratospheric rise in ‘big game hunting’ ransomware, in which attackers target large organisations for correspondingly large ransoms. But could the ransomware reign of terror already have peaked?

The Russian hacking group Conti – responsible for the 2022 attack on the Costa Rican government’s network – reportedly laid off 45 call-centre operators last year because they were not making money. It is a sign that all is not well in the ransomware industry, and many attribute this to the success of today’s security controls and training.

Companies are increasingly mature in their security awareness, and are using that maturity to make better decisions about security technologies, staff training and much more. So too are governments: the US, for instance, is now pushing software providers to ship secure code that meets minimum standards. If businesses can place more trust in their software and security vendors, they can devote more of their own time to internal training that reinforces a zero-trust mindset.

However, this is no time to rest on your laurels. To keep ransomware’s bubble from re-inflating, organisations must understand that this is a game of cat and mouse: when defences rise, the ransomware industry immediately works to overcome them. Train your teams to understand every plausible route into your systems (phishing, exposed remote access, unpatched internet-facing devices, stolen credentials), and then deploy good-quality monitoring that watches those routes 24/7/365.
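As an added example of what “monitoring those routes” looks like in code (this is not from the article or from SANS), the Python below runs two common ransomware-behaviour detections over a handful of constructed file-server and endpoint audit records: a burst of renames to a new file extension by a single process, and a process-creation event that deletes volume shadow copies, which ransomware typically does before encrypting so that victims cannot roll back. The log format, host names, process names and thresholds are assumptions for the demo; in a real deployment the same logic would live in a SIEM or EDR rule fed by file-audit and process-creation telemetry.

```python
import os
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit records for the demo, not from any real system. One record per line:
#   <ISO-8601 UTC timestamp> host=<name> proc=<image> action=<RENAME|WRITE|PROC_CREATE> key=value ...
SAMPLE_LOG = """\
2023-05-01T10:00:00Z host=FS01 proc=explorer.exe action=RENAME old=docs/draft.docx new=docs/final.docx
2023-05-01T10:00:05Z host=FS01 proc=backup.exe action=WRITE path=backup/2023-05-01/a.bak
2023-05-01T10:00:06Z host=FS01 proc=backup.exe action=WRITE path=backup/2023-05-01/b.bak
2023-05-01T10:01:00Z host=WS07 proc=cmd.exe action=PROC_CREATE cmd="vssadmin delete shadows /all /quiet"
2023-05-01T10:01:02Z host=WS07 proc=update.exe action=RENAME old=share/q1.xlsx new=share/q1.xlsx.locked
2023-05-01T10:01:03Z host=WS07 proc=update.exe action=RENAME old=share/q2.xlsx new=share/q2.xlsx.locked
2023-05-01T10:01:03Z host=WS07 proc=update.exe action=RENAME old=share/budget.docx new=share/budget.docx.locked
2023-05-01T10:01:04Z host=WS07 proc=update.exe action=RENAME old=share/plan.pptx new=share/plan.pptx.locked
2023-05-01T10:01:05Z host=WS07 proc=update.exe action=RENAME old=share/notes.txt new=share/notes.txt.locked
2023-05-01T10:01:06Z host=WS07 proc=update.exe action=RENAME old=share/hr/salaries.csv new=share/hr/salaries.csv.locked
"""

# key=value tokens; values may be double-quoted when they contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Command lines that destroy local recovery points (MITRE ATT&CK T1490, Inhibit System Recovery).
RECOVERY_KILL_CMDS = (
    "vssadmin delete shadows",
    "wmic shadowcopy delete",
    "bcdedit /set {default} recoveryenabled no",
)


def parse_record(line: str) -> dict:
    """Parse one 'timestamp key=value ...' record into a dict (quotes stripped)."""
    ts, _, rest = line.partition(" ")
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for key, value in KV_RE.findall(rest):
        rec[key] = value.strip('"')
    return rec


def detect(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)) -> list:
    """Return alerts for recovery-point deletion and mass extension-changing renames."""
    alerts = []
    recent = defaultdict(deque)   # (host, proc, new_ext) -> rename timestamps inside the window
    already_flagged = set()
    for line in lines:
        if not line.strip():
            continue
        rec = parse_record(line)
        action = rec.get("action")
        if action == "PROC_CREATE":
            cmd = rec.get("cmd", "").lower()
            if any(sig in cmd for sig in RECOVERY_KILL_CMDS):
                alerts.append({"rule": "shadow_copy_deletion", "host": rec["host"],
                               "proc": rec["proc"], "detail": rec["cmd"]})
        elif action == "RENAME":
            old_ext = os.path.splitext(rec["old"])[1].lower()
            new_ext = os.path.splitext(rec["new"])[1].lower()
            if new_ext == old_ext:
                continue              # ordinary rename: extension unchanged, not an encryptor pattern
            key = (rec["host"], rec["proc"], new_ext)
            q = recent[key]
            q.append(rec["ts"])
            while q and rec["ts"] - q[0] > window:
                q.popleft()           # drop events that fell out of the sliding window
            if len(q) >= threshold and key not in already_flagged:
                already_flagged.add(key)   # alert once per (host, process, extension)
                alerts.append({"rule": "mass_rename", "host": rec["host"], "proc": rec["proc"],
                               "detail": f"{len(q)} files renamed to {new_ext} "
                                         f"within {int(window.total_seconds())}s"})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample records this raises two alerts, both on WS07: the shadow-copy deletion at 10:01:00 and, five renames later, the mass rename to `.locked` by `update.exe`; the backup process writing many files and the user renaming a single document trigger nothing. The threshold and window are the part you must tune: backup agents, migrations and build systems legitimately rename thousands of files, so baseline per process image and raise the threshold or whitelist signed tools before putting such a rule into production.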

2. Ransom refusal might wipe out the industry

Ransomware thrives on the shock and panic factor. But could this be wearing off?

A recent study found that ransomware groups’ earnings fell by about 40% from 2021 to 2022. Over the same period there has been a dramatic rise in organisations that are unwilling to pay.

Where once attackers could almost guarantee that the shock of an attack would scare victims into paying, that is no longer the case. Some refuse to pay because of the well-publicised links between certain attackers and sanctioned entities, which can make a payment itself unlawful; others because there is no guarantee that the attackers will keep their word and hand over a working decryptor or delete the stolen data; and others simply weigh the extraordinary cost of a ransom against the cost of losing the data.

This trend looks to be accelerating, in no small part because of the law. Gartner has predicted that, by 2025, nearly a third of all countries will adopt laws governing ransomware. A mandate that makes payment illegal could scupper the whole ransomware business model. Indeed, where payments were outlawed in the case of physical kidnapping, the crime fell dramatically in the following years.

This united front is making an impact. To keep it up, businesses must prepare for the very real possibility of an attack by making a plan in advance. At the very least, a plan takes panic out of the equation and allows a rational response.

It starts with visibility. You cannot make good decisions if you do not know what you have. That means taking an inventory of your electronic assets (fixed, portable or mobile) and understanding what data you hold that could be valuable to attackers. Even the smallest snippets of personal data could be worth something if held to ransom. From there, each business must decide, based on the facts, how it would respond to a ransom demand, and record that decision before an incident rather than during one.
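As an added example (not from the original article or from SANS), here is a small Python data-discovery script showing what the “know what you have” step looks like in practice: it scans a set of files for e-mail addresses and payment-card numbers, uses a Luhn checksum so that arbitrary digit strings are not mis-counted as cards, and assigns each file a sensitivity level. The file contents, paths and the three-level scheme are constructed for the demo; a real inventory would walk the actual shares (a helper for that is included) and add patterns for whatever identifiers your business holds.

```python
import os
import re
from collections import Counter

# Constructed sample files for the demo (path -> contents); not real data.
# A real inventory would read these from disk, e.g. via inventory_from_disk() below.
SAMPLE_FILES = {
    "hr/payroll_2023.csv": "name,email,card\nA. Smith,a.smith@example.com,4111111111111111\n",
    "sales/leads.txt": "Call back: j.doe@example.org, m.lee@example.net\n",
    "it/build.log": "2023-05-01 build ok, 0 warnings\n",
    "finance/refunds.txt": "refund to card 4111 1111 1111 1112 rejected\n",  # fails Luhn: not a card
}

EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
# 13-19 digits, optionally separated by spaces or dashes, as card numbers are often typed.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: True for a syntactically valid payment-card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str) -> dict:
    """Count personal-data indicators in one file and derive a sensitivity level."""
    emails = set(EMAIL_RE.findall(text))
    cards = set()
    for match in CARD_RE.findall(text):
        digits = re.sub(r"[ -]", "", match)
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            cards.add(digits)
    if cards:
        level = "restricted"      # payment data: regulated and of high value to an extortionist
    elif emails:
        level = "confidential"    # personal data: still worth something if leaked
    else:
        level = "public"
    return {"emails": len(emails), "cards": len(cards), "level": level}


def inventory_files(files: dict) -> dict:
    """Classify every file; returns path -> classification."""
    return {path: classify(contents) for path, contents in files.items()}


def inventory_from_disk(root: str) -> dict:
    """Same inventory over a real directory tree (treats every file as text)."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                files[path] = fh.read()
    return inventory_files(files)


def summarise(inv: dict) -> Counter:
    """How many files fall into each sensitivity level."""
    return Counter(entry["level"] for entry in inv.values())


if __name__ == "__main__":
    inv = inventory_files(SAMPLE_FILES)
    for path, entry in sorted(inv.items()):
        print(f"{entry['level']:<12} emails={entry['emails']} cards={entry['cards']}  {path}")
    print(dict(summarise(inv)))
```

Run against the sample set, the payroll export comes out as restricted, the sales leads as confidential, and the build log and the refunds note as public, because the digit string in the refunds note fails the Luhn check. The point of the exercise is the output table: it tells you which shares an attacker would most want to encrypt or leak, which is exactly the information you need when deciding in advance how you would respond to a demand.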

Ned Baltagi, Managing Director, Middle East, Africa and Turkey at SANS Institute

3. The ransomware industry could mutate and evolve

Like any industry, ransomware is growing and maturing. New business models, fresh talent and criminal creativity are bringing dangerous new changes to the fore, and businesses must keep up.

Ransomware was once the preserve of skilled underground coders. That is no longer the case. Ransomware as a Service (RaaS) is a new wrinkle in an old threat: the operators develop and maintain the malware, payment portals and leak sites, while affiliates who rent the tooling or share the ransom carry out the actual intrusions, so anyone can now deploy sophisticated ransomware for an affordable price. RaaS operators deal in expertise and are rarely known to their affiliates, which shields them from detection and prosecution. Business is booming, and law enforcement has not yet cracked this new industry.

Cyber insurance is also changing the way attackers do business. Today many attackers – including top groups like LockBit – look for the value of a business’s cyber insurance policy during an intrusion and set their ransom demand accordingly, to give themselves the best chance of a payout. This puts pressure on insurers, who may withdraw policies or tighten their conditions, and on businesses, who are asking whether cyber insurance is setting them up for a fall.

Small and medium-sized enterprises (SMEs) are increasingly targeted by ransomware, both by international ransomware groups and by small-time phishers. Even the remotest local businesses are being attacked. Could it be that these organisations are seen as less well connected to expert help and more likely to pay up to make the problem go away? Perhaps. Attackers have certainly considered every approach, whatever the moral consequences.

Defending against a vast host of new attack techniques is a daunting task for businesses, especially small ones that have no security team, or even no IT team.

However, even the smallest security steps can make a difference. Legacy IT, for instance, often plays fast and loose with valuable data: where security exists at all, it was bolted on as an afterthought rather than built in. Moving to the cloud can be a good alternative to insecure on-premises systems. The cloud brings valuable security capabilities, but they are not always enough on their own: the provider secures the platform, while configuration, access control and backups of the data remain the customer’s responsibility.

Similarly, an overly complex approach to security training and awareness leads employees to look for shortcuts and skip best practice. Organisations must make it far easier for staff to understand why certain practices, such as multi-factor authentication, are required and the long-term benefit they bring. Unlocking and promoting a positive security culture, in which each individual takes some ownership of their own cyber hygiene, is the new gold standard.

We can’t tell the future, but we can prepare

It may remain a highly complex industry, but what is clear is that ransomware is evolving at pace.

Which direction it will take, we cannot yet tell. The principle remains, however: preparation is key.

If organisations know what data they hold and the value it could have to attackers, protecting it becomes a clearer and more urgent task. From there, educating teams across the business to store and share data safely is a strong start, and deploying systems that continuously monitor for threats puts a protective barrier around the business.

As ransomware changes, keeping an ear to the ground is vital. Only with this vigilance can ransomware attacks be stopped in the long term.