Ransomware remains a real threat for organisations, with more than 493m attacks in 2022 alone, down from 2021 but far above the number in the preceding years. One reason it remains a threat is the ability of ransomware gangs to evolve their methods.

Here are four ways ransomware has evolved in recent years.

1. More targeted attacks

Ransomware gangs are now undertaking more targeted attacks, looking to infiltrate networks via hacking or other means. This enables them to gain administrative privileges before encrypting data and asking for a ransom payment. Their methods of extracting payment are also evolving, with many now releasing data bit by bit to put pressure on the target to pay.

2. Specialisation

It is now not uncommon for cybercriminals to outsource elements of their work to trusted third parties who have expertise in a particular area. Ransomware-as-a-Service (RaaS) is becoming a popular way for criminals with little to no knowledge of how to develop ransomware to carry out successful attacks anyway. Outsourcing to specialists also makes criminal gangs more resilient to law enforcement takedown, as they can work in a more streamlined way, and makes them more difficult to trace.

3. Using different programming languages

Some cybercriminals are moving away from more conventional programming languages when developing ransomware to more unusual ones, such as Rust, Go and Swift. This means they can more easily evade endpoint solutions, and it also makes them harder to spot once they’ve infiltrated a network. This allows them to stay longer and potentially do more damage. In some instances, it also helps them to scale the ransomware more quickly as they can write code for multiple operating systems.

4. New ways of generating revenue

Building on the RaaS model, some developers are now selling undetectable bootloading tools on the black market. Previously, these were only available to experienced hacking gangs or nation states and military, but now anyone can buy them. This type of ransomware is particularly insidious as it loads when the computer boots up and then embeds itself into the firmware, allowing it to remain undetected. 

Criminals who develop ransomware are constantly evolving their methods to try to evade detection. This means those in charge of IT security within organisations need to stay on top of these changes to have a better chance of protecting the business from these types of threats.