Complex RansomOps fuel explosion in 2021

Cybereason published a new report, titled RansomOps: Inside Complex Ransomware Operations and the Ransomware Economy, which examines how ransomware attacks have evolved from a cottage industry years less than 10 years ago into a multi-billion dollar mega industry today. With increasing sophistication behind RansomOps attacks, ransomware syndicates are reaping the benefits with record profits, making it open season on public and private sector organisations of all sizes.

Ransomware attackers early on relied on “spray-and-pray” tactics to target mostly individuals where ransom demands were relatively small compared to what we began to see in 2020-2021. With the emergence of RansomOps that are complex and akin to the stealthy operations conducted by nation-state threat actors, ransomware attacks have become harder to defend against for most organisations, and emboldened threat actors have driven up their ransom demands as more and more organisations choose to pay.

“A shift by the ransomware gangs from wide-spread to targeted attacks against organisations that have the ability to pay multi-million dollar ransom demands has fueled the rise in attacks in 2021. No two RansomOps attacks garnered more publicity last year than those on Colonial Pipeline and JBS Foods. Unfortunately, we can expect to see a continued increase in attacks in 2022, with ransom demands increasing and critical infrastructure operators, hospitals and banks having targets on their backs,” said Lior Div, Cybereason CEO and Co-Founder.

The new report details the four components of RansomOps:

  • Initial Access Brokers (IABs): Infiltrate target networks, establish persistence and move laterally to compromise as much of the network as possible, then sell access to other threat actors
  • Ransomware-as-a-Service (RaaS) Providers: Supply the actual ransomware code, the payment mechanisms, handle negotiations with the target and provide other “customer service” resources to both the attackers and the victims
  • Ransomware Affiliates: Contract with the RaaS provider, select the targeted organisations and then carry out the actual ransomware attack
  • Cryptocurrency Exchanges: Launder the extorted proceeds

To Pay or Not to Pay A previous Cybereason report, titled Ransomware: The True Cost to Business, revealed that 80% of organisations that paid a ransom were hit a second time, many times by the same threat actors. Instead of paying, organisations should focus on early detection and prevention strategies to end ransomware attacks at the earliest stages before critical systems and data are put in jeopardy. There are a variety of other reasons for not paying, including:

  • No guarantees of retrieving data: Paying the ransom doesn’t mean that you will regain access to your encrypted data. The decryption utilities provided by those responsible for the attack sometimes simply don’t work properly. In the case of Colonial Pipeline in 2021, the company paid a $4.4 million ransom, received faulty decryption keys from the DarkSide Group and had to activate their backups to restore systems.
  • Legal implications: Organisations could end of paying steep fines from the US government for paying ransomware actors that sponsor terrorism. In addition, supply chain ransomware attacks that impact an organisation’s customers or partners would result in lawsuits from the impacted organisations.
  • Incentivising ransomware attacks: Organisations who pay ransomware attackers send the message that the attacks work and it continues to fuel more attacks and higher ransom demands. Like Cybereason, the FBI advises that organisations refrain from paying ransoms because it simply emboldens malicious actors by telling them that extortion works.

“Ransomware remains the top cybercrime threat and continues to cause significant damage, disruption and financial losses. With criminals seeking to maximise their illicit gains by exfiltrating and exploiting the victim’s data before it gets encrypted, ransomware is an evolving threat and presents a serious cybersecurity risk that requires a networked response. This must include law enforcement and public-private-partnerships such as the No More Ransom initiative,” added Phillip Amann, Head of Strategy European Cybercrime Centre (EC3), Europol.

To read more exclusive features and latest news please see our Q1 issue here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: [email protected]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Copyright: Security Buyer

ASIS UK Launches “Security is You(th)” Hackathon

ASIS International UK has launched Security is You(th), an initiative designed to engage students and early-career professionals…
Image provided by Veeam

AI and Ransomware: Cutting Through the Hype

Rick Vanover, Vice President Product Strategy, Veeam discusses how It might be the great paradox: Artificial Intelligence (AI)….
Copyright: Security Buyer

AmiViz Partners with Titania

AmiViz announced a strategic distribution agreement with Titania. This collaboration underscores a shared commitment to enhancing…
Oil and Gas

Navigating Africa’s Oil & Gas Industry

A comprehensive analysis of security strategies in Africa’s oil and gas industry, covering physical, cyber, and remote surveillance measures.
blackhat

Black Hat Europe Starts Soon

Black Hat Europe starts Monday and now is the perfect time to start planning your experience. With a full lineup of Keynotes…

VIVOTEK’s All-in-One Software Boosts Operational Efficiency for Enterprises

As demand for high-efficiency security systems rises among large enterprises, the global leading…
Assa Abloy website

WTC Amsterdam enhances security and efficiency with digital access solution

The World Trade Center (WTC) Amsterdam, home to over 300 companies, has upgraded its building security with a streamlined, digital access solution from ASSA ABLOY.
John Maddison website

Fortinet launches Lacework FortiCNAPP to enhance cloud-native security

In an advancement in cybersecurity, Fortinet has announced Lacework FortiCNAPP, providing organisations with visibility and security.
GITEX Global 2024 website

GITEX GLOBAL 2024: AI revolution drives strategic tech innovation

GITEX GLOBAL 2024 concluded on Friday, showcasing artificial intelligence (AI) as a transformative force driving business and economic growth
Scroll to Top