Ransomware-as-a-service industry now exceeds $1bn: Tenable

By Dylan Bushell-Embling
Thursday, 30 June, 2022

Ransomware-as-a-service industry now exceeds $1bn: Tenable

The ransomware industry is evolving to an as-a-service model and raking in millions, with cybersecurity company Tenable estimating that the industry was worth US$692 million (AU$1 billion) in 2020 alone.

In a new report, Tenable estimated that ransomware groups earned 380% more in 2020 than they had in the previous six years combined.

Tenable attributes the rapid growth to the emergence of the technique pioneered by the Maze ransomware group of double extortion, involving stealing sensitive data and then both encrypting it to prevent access and threatening to leak the files online if victims do not comply with their demands.

Other extortion techniques are also emerging such as launching DDoS attacks and contacting customers of victims.

“With RaaS and double extortion, Pandora’s box has been opened, and attackers are finding holes in our current defences and profiting from them. The Australian Cybersecurity Centre recorded a 15 per cent increase in ransomware cybercrime in 2021,” Tenable senior staff research engineer Satnam Narang said.

The success of the ransomware-as-a-service model has also attracted other players such as affiliates and initial access brokers (IABs) operating within the ransomware industry, the report states.

Affiliates typically earn between 70–90% of the ransomware payment, and are given the task of gaining access to networks through methods such as spear phishing, brute force attacks and exploiting unpatched zero-day vulnerabilities, Tenable said.

Meanwhile IABs are groups that have already gained illicit access to networks and are selling access to the highest bidder, with fees ranging from an average of US$303 for control panel access up to US$9874 for remote desktop protocol access.

Image credit: ©stock.adobe.com/au/Maksim Kabakou

Related News

Lack of leadership buy-in biggest obstacle to digital trust: report

A new report from ISACA says that many organisations say that in five years digital trust will be...

Lack of customer confidence affecting security strategies: report

A survey from LogRhythm finds three-quarters of ANZ companies changed their security strategy...

IMT sector was Australia's most targeted in 2023: report

The information, media and technology sector has been the Australian industry most targeted...

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd