The big news in ransomware this month was the FBI’s takedown of the Russia-based Hive Ransomware-as-a-Service (RaaS) group. This group, which was known for its particular tendency for attacking hospitals and schools, extorted over $130 million from its victims.
Many have celebrated the operation as a win in the fight against ransomware. Unfortunately, these cheers are indeed ill-founded as the ransomware business interruption caused by the bust will be minimal.
Hive will likely regroup to form a new organization and be back up and running within a matter of weeks, but more than that, the RaaS market is expansive and with the number of options intrusion groups have in the space, the loss of one, even one as prolific as Hive, is not going to have any major impact on operations.
Furthermore, the ransomware business sector is rapidly expanding. The lingering effects of the pandemic, recent tech lay-offs, and growing economic hardship across the world, dark web job markets have grown in an attempt to draw in disgruntled talent. Hacker groups are seeking out developers, attackers, designers, analysts, and more, offering salaries of up to $20,000 a month alongside flexible working hours, bonuses, paid vacations, and other benefits.
The standard playbook of ransomware attacks is changing as well. Companies have become more ransomware-proof with offsite backups, increased network visibility, and tested incident response procedures. This means that far less are paying ransoms like they did in the past because they know they are resilient to having their data encrypted and inaccessible. The attackers are adapting.
Instead of solely encrypting data of a company and demanding payment for a decryption key, RaaS groups now ensure they exfiltrate the data as leverage against a company, threatening to leak or sell the data if the company does not pay the ransom. With the increasing regulatory landscape that permits higher and higher fines for this kinds of leaks and the reputational damage that comes along with a data leak, groups are more likely to receive payment than if they solely lock up the data and make it impossible to access.
As this trend unfolds, it is important to stay on top of the landscape and ensure your organization is protected against these attacks. While it is beneficial to the entire community that businesses have significantly increased resiliency to ransomware attacks, it cannot stand idle as the attackers innovate.