Ransomware driving ‘professionalisation’ of cyber crime

The success of ransomware gangs has spurred a significant trend of professionalisation amongst cyber criminals where different groups develop specialised services to offer one another, according to a new report from WithSecure.

The firm highlights the current dominance of multi-point extortion ransomware groups, which employ several extortion strategies at once – usually both encryption to prevent access to data and stealing data to leak publicly – to pressure victims for payments.

According to an analysis of over 3,000 data leaks by multi-point extortion ransomware groups, organisations in the US were the most common victims of these attacks, followed by Canada, the UK, Germany, France, and Australia. Taken together, organisations in these countries accounted for three-quarters of the leaks included in the analysis.

The research suggests that the construction industry is among the most impacted and accounted for 19% of the data leaks. Automotive companies, on the other hand, only accounted for about 6%. A number of other industries sat between the two due to ransomware groups having different victim distributions, with some families targeting one or more industry disproportionately to others.

Stephen Robinson, senior threat intelligence analyst at WithSecure, said: “In pursuit of a bigger slice of the huge revenues of the ransomware industry, ransomware groups purchase capabilities from specialist e-crime suppliers, in much the same way that legitimate businesses outsource functions to increase their profits. This ready supply of capabilities and information is being taken advantage of by more and more cyber threat actors, ranging from lone, low-skilled operators, right up to nation state APTs. Ransomware didn't create the cyber crime industry, but it has really thrown fuel on the fire.”

In one notable example highlighted in the report, WithSecure investigated an incident that involved a single organisation compromised by five different threat actors, each with different objectives and representing a different type of cyber crime ‘service’. According to the report, this trend makes the expertise and resources to attack organisations accessible to lesser-skilled or poorly resourced threat actors. The report predicts that it is likely that the number of attackers and size of the cyber crime industry will both grow in the coming years.

Time West, head of threat intelligence at WithSecure, added: “We often talk about the damage ransomware attacks cause to the victims. Less attention is paid to how ransom payments provide additional resources to attackers, which has encouraged the professionalisation trend described in the report. Near-term, we’re likely to see this changing ecosystem shape the resources and type of attacks facing defenders.”

    Share Story:


Deborah Ritchie speaks to Chief Inspector Tracy Mortimer of the Specialist Operations Planning Unit in Greater Manchester Police's Civil Contingencies and Resilience Unit; Inspector Darren Spurgeon, AtHoc lead at Greater Manchester Police; and Chris Ullah, Solutions Expert at BlackBerry AtHoc, and himself a former Police Superintendent. For more information click here

Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023