Skip to content

Cybercrooks using ransomware as a big-bucks business model, expert says

Ransomware variants are on the rise globally.
Fighting cybercrime has become part of doing business.

A B.C. cyber detective says cybercrooks are constantly updating their playbooks to stay ahead of government and business organizations as their enterprises become more enmeshed with organized crime.

In fact, ransomware attacks where data is hijacked on an infected computer and held for ransom have become more common in the past year, according to Vancouver-based Derek Manky, chief security strategist and vice-president of global threat intelligence at FortiGuard Labs.

“It’s a big business model,” he said. “It’s just getting bigger. ... Canada is not exempted.”

FortiGuard’s most recent Global Threat Landscape Report found that in the past six months, there have been a total of 10,666 ransomware variants globally, compared to just 5,400 in the previous six-month period.

Ransom attacks have become something of a business known as "Ransomware as a Service" — or RaaS.

RaaS is a subscription-based model that allows partners to use ransomware tools that have already been developed by someone else to execute attacks, Manky said. Those affiliates get a percentage of the profits, sometimes up to 80% if the attack is successful, and everybody else gets their cut.

Manky called it a “pay-per-infection model.”

“It’s like a pyramid scheme,” he said. “That’s happening everywhere. That’s what’s driving the variants of ransomware.”

It’s all part of the booming cybercrime ecosystem generating a trillion dollars a year, Fortinet said.

“This has led to an increase in cyberattacks that affect thousands of organizations in a single incident,” the company said in an October 2021 blog. “The result is that we are now at an important inflection point for the war on cybercrime.”

Manky said such criminals work persistently to outwit the defences of government, business and individuals.

“They are using aggressive execution strategies such as extortion or wiping data as well as focusing on reconnaissance tactics pre-attack to ensure a better return-on-threat investment,” he said.

To combat these advanced attacks, Manky said organizations need integrated security solutions. Those security solutions can help analyze real-time threat intelligence, detect threat patterns and correlate massive amounts of data to detect anomalies and automatically initiate a coordinated response across hybrid networks.

Ransomware remains the most significant threat in the cyber realm, he added.

[email protected]