When is cybercrime successful? When the crooks run it like business.
Recent developments in ransomware.
LookingGlass has published a report on attacks by organized ransomware gangs during the first half of 2022, finding that these groups continue to grow increasingly professionalized.
Ransomware gangs function like businesses.
The researchers point out the similarities between ransomware gangs and legitimate technology businesses:
“Groups have started to incorporate business practices such as finance departments, human resources, and even naming employees of the month. These are not the loosely affiliated groups of the past; rather, they are highly professionalized organizations with quarterly revenue targets and even customer service teams. Since the average ransomware payment is now at $812,360, according to Sophos, it should come as no surprise that these groups are looking to evolve and benefit from it.
“In addition to serving their customers, ransomware organizations want to make profit, just like any other business. Ransomware enterprises have been known to set up payment plans and other arrangements to ensure the ransom is paid. They also want to convince victims that paying up is their best option in the first place. They even have bug bounty programs to point out errors in their code; LockBit launched the first one in June 2022 and paid out a bounty of $50,000 to a researcher in September.”
The top players are the most organized.
LookingGlass notes that the majority of targeted ransomware attacks in the first half of 2022 were launched by the top fifteen most active gangs:
“LockBit was by far the most active ransomware group in the first half of the year. The group targeted 215 victims in Q1 2022 and 191 victims in Q2 2022 across all industries and geographies. Conti took second place in Q1 with 99 victims; they dropped to fourth place in Q2 when they disbanded following Conti Leaks. Alphv took third place in Q1 with 46 victims and took second place in Q2 with an 11% increase to 51 victims. Hive (38 victims) and Vice Society (17 victims) rounded out the top five most active groups in Q1.”