NEW YORK—Several factors are contributing to driving the number of ransomware attacks ever higher, a new analysis has found.
One of the big factors: many ransomware-wielding attackers continue to rely on a number of cybercrime-as-a-service providers to support their ability to easily gain access to targets and steal data.
In addition, an increasing number of ransomware operations also run data leak sites to pressure nonpaying victims into meeting attackers' ransom demands, researchers say, Bank Info Security reported.
“One cornerstone of the ransomware ecosystem remains initial access brokers, who provide paying customers with remote access to a victim's network. While such access can come in many forms, security researchers say stolen remote desktop protocol credentials remain common, as do stolen virtual private networking connections,” Bank Info Security stated. “Tracking just how much access gets sold remains difficult because many brokers do not publicly list victims or prices. Some brokers also have exclusive, private relationships with ransomware operations.”
Ongoing Surge
Based on what researchers can see, however, the market has been continuing to surge. Comparing the 12 months ending on June 30 with the prior 12-month period, cybersecurity firm Group-IB says in a new report that it saw the number of publicly listed initial access offers nearly tripled, increasing from 362 to 1,099. The total value of those nearly 1,100 separate access offers was $7.2 million, Bank Info Security reported.
“The greater the access, the more an access broker will charge for its initial access offering. For example, the most widely available credentials - RDP and VPN - offer low levels of access and regularly sell for as little as $5 or $10 per individual endpoint, according to a new report from security firm Trend Micro,” Bank Info Security said.