

New ransomware ecosystem

By now, you probably know someone who’s been hit by ransomware. Year after year, both the frequency and intensity of attacks are increasing. As soon as companies tighten up security, it seems that the hackers devise new tricks to breach cyber defences and wreak havoc, writes Jeff Stout, Cybersecurity Consultant at BeforeCrypt.

The COVID pandemic has been fuelling this pandemic in cyberspace, as millions of employees have started to work from home, and companies rely more and more on virtual workspaces. But there’s more driving this crisis than just the growing prominence of remote work.

The rise of decentralised, digital currencies like Bitcoin has opened up new possibilities both for legitimate businesses and criminals, and now it seems like this wave of financial innovation is even disrupting geopolitics.

New forms

Bitcoin and other decentralised digital currencies make it possible for hackers to work in ways they never could before. In the past, it was much more difficult for a hacker to sell stolen data, for example. A hacker couldn’t really risk receiving a bank transfer, because it would be easily traceable, and accepting cash in person would also require compromising anonymity.

With cryptocurrencies, there are now marketplaces where all kinds of stolen data, from credit card details to military secrets, are offered up to the highest bidder. Built-in escrow services ensure that buyers are happy with what they get before releasing the funds. Review systems allow buyers to rate sellers, just like with eBay or Amazon, so hackers can build up a reputation and earn the trust of more potential buyers.

Of course, the biggest change that cryptocurrencies have brought about is probably the ransoms themselves. Anyone who can dig up dirty secrets on someone can attempt to use them to extort money out of their victims. One ransom-type scam even tells victims that it has caught them in the act of looking at pornography, and will post a video of it on their social media accounts unless they pay up.

Better organisation

The ability to send and receive online cash payments anonymously doesn’t just work for buying and selling illegal goods; it can also be used for payroll and human resources. This makes it possible for hackers who don’t know each other’s identities to form partnerships, hire employees, and subcontract out services to other hacking groups.

It also means that hackers can more easily receive payment for software they develop, or even provide services to customers on a subscription model. Of course, all of these new revenue streams mean that developers can dedicate much more time to developing sophisticated new ways of cracking the latest cyber defences.

Ransomware developers have been observed aggressively seeking affiliates, thus building large syndicates. Different ransomware operators compete to tout the features of their software and market it, hoping to attract partners willing to do the dirty work of breaking into networks. After a successful attack, the affiliate splits the ransom with the developer.

Silicon Valley for hackers

If there are markets for stolen data, and even job markets, for hackers now, why not financial markets? After all, hackers are developing software like any other software development company, so they need venture capital, too.

Online communities provide forums where hackers can post their resumes, show off their accomplishments, and offer shares in their next venture in the hopes of attracting investors. And because of the success of ransomware operations to date, wealthy hackers have lots of ill-gotten gains to invest into the next generation of cyber criminals.

This is leading to a kind of arms race, where hackers and cybersecurity professionals are racing against each other, and at the moment, the hackers are outspending the cybersecurity community and winning.


Unfortunately, there’s very little that can be done to stop the crisis, especially since there is a political dimension to it. Many hackers are located in countries like Iran, Russia, or North Korea, where they are either backed by the state, or left alone as long as they don’t target their government’s interests.

This means that for the time being, it looks like an elevated ransomware threat will just become the “new normal,” and that we will have to make fundamental changes in the way we approach cybersecurity.

It’s no longer enough to just install good antivirus software and hope for the best. It’s necessary for every employee who has contact with IT systems to have at least a base-level understanding of how cyber attacks work and how to prevent them. This knowledge will have to become a fundamental job qualification, much like other basic computer skills.

Awareness of common phishing tactics, habits like using strong passwords and two-factor authentication, and keeping current with the latest versions of software are all now essential to survival in cyberspace.

