According to a new report from U.K.-based cybersecurity company Sophos, ransomware-as-a-service attacks became more popular in the past 18 months. Of the hundreds of ransomware attacks Sophos investigated during that time, nearly 60% were perpetrated by ransomware-as-a-service groups.
Such attacks, where one group builds the malicious code and sells it to another group to use in the virtual breaking-and-entering of a vulnerable enterprise or organization, are growing increasingly sophisticated. Over the last two years, Sophos has observed a growing trend where malware developers lease their code to attackers to do the dirty work of breaking into an enterprise company’s network and holding its systems or data hostage until a ransom is paid.
The Conti brand of ransomware-as-a-service, which the FBI said in May had attacked 16 medical and first responder networks, was the most popular type of ransomware deployed during that time.
The report notes that some malware developers even create their own attack playbooks and make them available to their affiliates. As a result, different attack groups end up implementing very similar attacks. The more that specialist ransomware programmers outsource their malicious code and infrastructure to third-party affiliates, the more the size and scope of ransomware delivery methods will grow.
It is no longer enough for organizations to assume they’re safe by monitoring security tools and ensuring they’re detecting malicious code. IT teams need to understand the evolution of ransomware, and specifically the growing ransomware-as-a-service trend, in order to develop effective cybersecurity strategies for protecting their organizations in 2022 and beyond.
Sophos compiled the data in the report from a statistical analysis of the hundreds of ransomware attacks and hundreds of thousands of malware samples its threat researchers and response teams investigated in the past 18 months.
Read the full report by Sophos.