Is Off-The-Shelf Code Fuelling the Surge in Ransomware?


The resurgence of ransomware that is currently plaguing enterprises and giving cybersecurity companies a headache may have a cause: 'off-the-shelf' ransomware.

That's according to antivirus platform Kaspersky, which released a report detailing a surge in ransomware attacks utilising leaked code.

The report highlights the growing threat posed by ransomware groups leveraging leaked source code and tools from disbanded or defunct larger organisations.

Ransomware report’s findings

The research, conducted by Kaspersky's Global Research and Analysis Team (GReAT), reveals a 30% increase in targeted ransomware groups compared to 2022, with known victims of their attacks rising by a staggering 71%.

Notably, the LockBit 3.0 ransomware emerged as the most frequently encountered malware in organisations' systems in 2023, largely due to the leak of its builder in 2022.

This leak enabled various independent groups to create custom ransomware variants, which were then used to target organisations worldwide. 

The BlackCat/ALPHV and Cl0p ransomware groups followed as the second and third most active threats, respectively.

Off-the-shelf threat

This trend towards 'off-the-shelf' ransomware and affiliate programmes is dramatically altering the cybercrime landscape.

Off-the-shelf ransomware refers to pre-packaged malware kits that can be purchased and deployed with minimal technical expertise. 

These kits often come with user-friendly interfaces, making them accessible to a broader range of potential attackers.

Affiliate programmes, on the other hand, operate on a Ransomware-as-a-Service (RaaS) model. 

In this setup, ransomware developers provide their malware to 'affiliates' for a subscription fee or a percentage of the ransom payments. 

This model allows cybercriminals to specialise in different aspects of an attack, from initial access to ransom negotiation, increasing overall efficiency and profitability.


“The barrier to entry for launching ransomware attacks has plummeted. With off-the-shelf ransomware and affiliate programs, even novice cybercriminals can pose a significant threat,” comments Jornt van der Wiel, a Senior Cybersecurity Researcher at Kaspersky’s GReAT.

The research also uncovered a significant shift in the ransomware ecosystem. This democratisation of ransomware capabilities has led to a more diverse and unpredictable threat landscape. 

Smaller, more elusive groups are emerging, making it increasingly difficult for cybersecurity professionals and law enforcement to track and mitigate threats effectively.

From high-profile breaches affecting critical sectors to attacks on small businesses, the impact of ransomware continues to expand. 

To mitigate risks, Kaspersky recommends implementing robust security solutions, conducting regular system updates and backups, providing comprehensive cybersecurity training to employees, and utilising threat intelligence to stay ahead of emerging tactics.

In addition, Kaspersky has issued five points it recognises as common points of entry:

Tips for organisations to resist ransomware
  • Provide staff with basic cybersecurity hygiene training, including simulated phishing attacks to improve email threat recognition
  • Implement protection solutions for mail servers with anti-phishing capabilities to reduce the risk of infection through phishing emails
  • Use endpoint protection solutions with anti-phishing features to enhance security against email-based threats
  • If using cloud services like Microsoft 365, ensure appropriate security measures are in place, including protection for communication and file-sharing apps
  • For small businesses, consider lightweight, easy-to-manage security solutions that offer effective protection against phishing and malware
  • Implement a comprehensive security solution for small and medium businesses that includes file, mail, network, and web threat protection features

As the ransomware landscape continues to evolve, organisations must remain vigilant and adaptive in their cybersecurity strategies. The proliferation of off-the-shelf ransomware and affiliate programmes underscores the need for a proactive, multi-layered approach to cyber defence, combining technological solutions with human expertise and ongoing education.


Cyber Magazine is a BizClik brand
