By Tyler Wise
April 19, 2023
The Evolution of Ransomware
Ransomware was one of the most profitable cybercrime activities in Australia in 2022, accounting for 447 reported attacks in the 2022 financial year. It is one of the cybercrime areas that takes a significant amount of our internal resources, and is an equally common contact point. However, there has been a slight downturn in the number of ransomware cases we are seeing. This is partly a result of increased user awareness, with users not falling prey to the social engineering attacks that are often a predecessor to the actual encryption process, and also likely a result of the reduction in cryptocurrencies at the end of 2022.
However, as the cyber economy changes, so do the cybercriminals, and they have zeroed in on people's number one vulnerability: being exposed. A staggering number of ransomware victims that contact Cyberwise end up choosing to pay the criminal, hoping that the information is not leaked and that they can return to business as usual quickly. Under the former ransomware model, if you paid, your information would not be leaked, but it would still be broadcast that you suffered an attack, which can be just as damning for a business as losing the data, especially when a majority of our clients rely on their reputation as part of their business success model.
Many of our Australian clients / victims are caught under the Australian Privacy Act, and therefore the Notifiable Data Breach regime is applicable to them. Sadly, few choose to comply with it, choosing instead to let their attacks sit on the dark web, hoping no one will know, but that never ends well. The OAIC will eventually come knocking, and you may have some difficult questions to answer, from them and from your clients, after you provide them a significantly delayed update.
We have negotiated with the cybercriminal on behalf of some clients to pay a higher ransom (yes, it's true) and have all details of the attack removed from the criminal's dark-web site. Effectively, the victim is choosing to pay a premium to simply get back to business and hope that no one else saw. Our advice is to never pay the ransom, and it is through gritted teeth that we undertake any negotiations with a criminal. Ultimately, however, we are engaged to assist our clients in any matter they require, and our engagement clearly stipulates our level of responsibility and their expected reporting requirements.
It would not be expected that Australian victims are the only ones doing this. As a result, we are witnessing an evolution of ransomware tactics toward flat-out extortion, as criminals understand that, in the market they operate in, data and reputation risk represent a higher payoff. As a result of this pivot, it is possible that a victim may not be aware that an attack has even occurred until some time after it, as the criminal waits and collects sensitive information to launch their extortion attack. Whether these attacks succeed comes down to internal awareness and education, being able to spot a social engineering attack, and ensuring all of your systems are secure and updated. A lack of awareness of attack vectors, together with outdated systems, places you at significantly higher risk than you need to be.
As cybercriminals evolve, so must society. Whilst some larger-scale attacks have increased awareness, they have also been responsible for a level of complacency, so do not let yourself fall into a false sense of security. It is time to harden the protection of your data, and ensure all of your business stakeholders have strong cybersecurity education and awareness! It is on all of us to lead the charge against cybercrime, and it starts now.