Ransomware Threatens to Assimilate Other Cybercrime

Security research firm Sophos released an interesting and worrying report in early November 2021. The five-second takeaway from the threat report published by Sophos is that ransomware is starting to behave like a supermassive black hole, sucking into its bosom all other cyber threat actors and activities and forming one massive cluster whose ultimate goal is the delivery of ransomware.

It is no secret that ransomware has been the most lucrative form of cybercrime for a good few years now. Ransomware payouts are climbing ever higher every year. The figures for 2021 aren't out in full yet but the previous annual increase in the absolute number of ransomware attacks showed growth of 300%.

The entire landscape of organized cybercrime is shifting and changing as a result of the power and draw of ransomware attacks, Sophos reported. Just like crypto mining is using up the world's entire supply of graphics cards, ransomware is gradually sucking in everyone who deals in organized cybercrime.

Sophos predicted that ransomware will simultaneously become more modular and more homogenized. In this sense, more and more groups of threat actors will provide specific services to the wider ransomware sector. At the same time, large ransomware actors would also provide what Sophos calls "playbooks", so ransomware affiliates can execute attacks that are similar in structure.

Ransomware is already highly compartmentalized, with different groups offering to sell backdoors and network infiltration tools, with others responsible for payload delivery, all of them acting as worker bees for the top-level group that develops the ransomware in question and maintains its infrastructure and servers.

Another scary thing to consider is that certain influential ransomware groups now have the money and power to directly purchase zero-day vulnerabilities to abuse in infiltrating targets. This was previously something that only state-backed advanced persistent threat actors had the resources to obtain. With ransomware gangs getting rich enough to shop for dangerous zero-days the threat landscape is getting what Sophos called "distorted".

How ransomware trends develop in 2022 remains to be seen, but one thing is certain - the battle to stay ahead of ransomware-focused threat actors is not going to be getting any easier.

November 19, 2021