- Home >
- Services >
- Access to Knowledge >
- Trend Monitor >
- Type of Threat or Opportunity >
- Trend snippet: Ransomware changed in 2021
Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
visible on larger screens only
Please expand your browser window.
Or enjoy this interactive application on your desktop or laptop.
Ransomware changed in 2021
of dollars per ransom, holding entire organizations captive under the threat of total
system shutdown. The evolution of the ransomware business model is at the core of this phenomenon. Ransomware-as-a-Service (RaaS) introduces affiliate programs at low onboarding costs, enabling any attacker to easily join the trend. The attacker selects one of the leading ransomware “projects” and follows the detailed, easy to follow complimentary operations manual, which contains complete instructions for every stage of the attack. If the intrusion was successful, the ransomware operators and affiliates share a percentage of the victim’s ransom payment. This extremely profitable scheme allows attackers to reach a wider range of victims and offers higher returns to all involved.
The ransomware operators are the backbone of the whole operation, offering not just the ransomware itself, but also money laundering services and negotiation specialists. The different ransomware programs compete for affiliates, so ransomware groups are constantly developing more attractive tools and services for their affiliate programs in order to help them stand out in a competitive underground community. Reputation is a key motivating factor, as that can influence a group’s chances of earning big returns or even lead to apprehension by the authorities. It’s therefore not surprising that cybercriminals mediate their internal disputes on tribunal forums, where losing a case can cost a group their reputation and profits.
Proactive measures and offensive operations by governments worldwide have managed to put a noticeable dent in the ransomware ecosystem, disrupting ransomware operations and causing havoc in the underground scene. Despite this, millions of dollars in potential revenue mean that we will likely see more ransomware “projects” coming up in 2022, with successful ones serving as a model for upcoming and improved attacks. One takeaway the ransomware operators may have from the events of 2021 is that the type of targets ransomware operators choose might be the difference between a long term operation or a very short one.