Ransomware as a self-sustaining industry in criminal underworld


Ransomware affected 12 million employees and cost companies over $4 trillion dollars in six months of 2020 alone, a survey by NordLocker finds.

Defined as a type of malware, ransomware encrypts the victim’s files and demands a ransom to decrypt them – usually in the form of cryptocurrency. It’s both highly effective and lucrative for cybercriminals as it provides access to data and offers quick financial gains.

NordLocker suggests that it’s the biggest threat businesses currently face. Big attacks like those on Colonial Pipeline and meatpacker JBS put ransomware under the spotlight, making it key to threat actors’ operations.

ADVERTISEMENT

“Ransomware has become its own self-sustaining industry,” said cyber-analyst Tenable. “Previously, attacks were perpetrated by the same ransomware groups that developed and propagated the malware, but the advent of RaaS has attracted multiple players.”

NordLocker’s report analyzed attacks on 5,000+ companies worldwide that occurred between January 2020 and July 2022, recording over $4.15 trillion in losses and 12 million+ affected employees.

Despite ransomware affecting companies in almost every sector and every country, Western nations suffer the most – likely, due to their accelerating economies and the financial capabilities of local organizations. The US, Canada, and the UK are the three most targeted countries.

Within the US, California, Texas, Florida, and New York top ransomware reports, with Michigan also featuring high following statistical adjustments. Looking for a ransomware-free place to do business? Consider Missouri and South Dakota, which are approximately 10 times safer for companies.

Although organizations in any industry can be susceptible to ransomware, manufacturing, construction, and transportation/logistics seem to lead as the preferred targets for threat actors. Additionally, a company’s size seems to make little to no difference: organizations worth less than $1 million suffered almost as many ransomware attacks as those worth $500 million to $1 billion.

“Ransomware has been employed for decades, but never at the level it is used today. Last year, some businesses faced ransom demands of $30 million. Ransomware is effective because most companies are ill-equipped to deal with it,” the report explains.

But who is behind those attacks? LockBit seems to be in the lead, responsible for 855 attacks, followed by Conti with 796 attacks and Pysa with 311 attacks. The latest ransomware report by threat intelligence firm Digital Shadows also showed that in the second quarter of 2022, LockBit was the most active group by an overwhelming margin.

ADVERTISEMENT