Defeating the stranglehold of the ransomware mafia

The stunning successes of ransomware attacks over the years have led to the emergence of a well-oiled and organised ransomware mafia that has turned the dangerous art into a full-fledged and dedicated occupation.

Businesses and consumers can defeat the stranglehold of the ransomware mafia by sharing their collective experiences, knowledge and awareness to disarm cyber criminals.

A detailed report released by security firm Malwarebytes has revealed that the number of ransomware detections across the world grew by a stunning 1,989% since 2015, with average monthly ransomware detections growing by 94% since last year. Hundreds of thousands of ransomware attacks have been detected so far this year compared to just 16,000 in September 2015.

These figures reveal how ransomware attacks have become the weapon of choice for the ransomware mafia that includes cyber criminals, cyber thieves, and nation states who are not only aiming to extort money from helpless victims, but also to encrypt sensitive data and shut down operations at businesses and large enterprises.

Earlier this year, Malwarebytes also revealed that modern ransomware attacks not only exploit weaknesses in Windows devices, but also in millions of Android and Mac devices. A research conducted by the firm detected more malware attacks on Macs between May and June than observed in all of 2016.

Similarly, the firm detected a 100% rise in Android ransomware detections in 2017 compared to last year. The detections also rose by 137.8% from Q1 to Q2 globally. It noted that three ransomware families, namely Jisut, SLocker, and Koler, accounted for over 95% of all ransomware detections this year, thereby signifying the threat that they pose to businesses and government organisations globally.

According to Marcin Kleczynski, CEO of Malwarebytes, such ransomware attacks are being carried out by four different groups of cyber criminals, namely traditional gangs, state-sponsored attackers, ideological hackers and hackers-for-hire. All these hackers, who form part of the global ransomware mafia, may have diferent motives, but the impact of their operations is being felt by businesses all over the world, many of whom have been unable to recover following devastating ransomware infections.

‘These new syndicates are characterized by: the presence of an organizational structure akin to crime families, the sophistication of hacking, the emergence of a highly professional service economy for cybercrime, and the co-option of these services by ideological groups and nation-states,’ Malwarebytes noted.

‘Collectively, these gangs form an incredible diverse, incredibly dangerous set of online operators, with motivations as different as their backgrounds,’ it added.

Is there a way to defeat the ransomware mafia?

According to Malwarebytes, the best ways for businesses and consumers to fight back against the ransomware menace are creating proactive defences, creating greater collective awareness, and sharing knowledge and best practices.

‘Through greater vigilance and a comprehensive understanding of the cybercrime landscape, businesses can support the efforts of legislators and law enforcement, while also taking matters into their own hands,’ says Kleczynski.

The firm also adds that the practice of shaming businesses that have been unable to defend themselves against ransomware attacks is encouraging such businesses to hide such atacks from the public and paying off cyber criminals to save their data. Instead, such businesses should be engaged with to ensure that a solution to the menace can be found.

‘Public shaming of the victims is a mistake. It may be that they have done nothing wrong. No one is immune. It is much better if it is treated as a learning experience and people share what has happened to them. That’s how we will stop the criminals, by knowing as much as possible about the attack, as soon as possible,’ said a Malwarebytes researcher.

‘Knowledge, awareness and intelligence are our best weapons against the new gangs of cybercrime. Given the fragmented, global nature of cybercrime, individuals and businesses have to play an important role alongside law enforcement agencies governments and other bodies in thwarting this activity.

‘Rather than sit back and minimize the blow from cybercrime, individuals and businesses must take the same actions that previous generations of vigilantes once did against the fearsome syndicates of their day: fight back,’ the firm added.