Text I

Behind the rise of ransomware

The story of the ransomware surge is the story of the discovery, professionalization, and growth of the targeted attack extortion model. Prior to 2016, most ransomware campaigns targeted a large and effectively random pool of end users. This “spray-and-pray” business model privileged quantity over quality, meaning ransomware actors spent less time focusing on how to apply pressure on a given victim and more time trying to reach as many victims as possible. Until the tail end of this period, ransomware did not generate enormous profits. Being a second-tier avenue of cybercrime, it failed to attract as much talent or activity as it would in the years to come.

Ransomware experienced its first period of significant growth between 2013 and 2016, when refinements to ransomware payloads, the emergence of virtual currencies, and enhanced anti-fraud measures from banks and cybersecurity vendors increased the profitability of digital extortion relative to other common avenues of cybercrime. What happened next remains unclear, but with more activity concentrating on ransomware, criminals appear to have learned how easy it was to extort organizations before piecing together how lucrative these attacks could be. Regardless, between 2016 and 2019, established cybercriminal gangs entered the targeted ransomware business en masse.

From that point until the summer of 2021, cybercriminals invested growing time and resources to improve the targeted extortion model. During this period, digital extortion became more profitable because cybercriminal gangs and cybercrime markets reoriented around a near limitless demand for targeted ransomware. Moreover, as criminals learned how to best extract revenue from victims, they launched increasingly disruptive ransomware attacks.

[…]

Even though it is tempting to hope that we are just one diplomatic agreement, one technological leap, or one regulation away from its elimination, targeted ransomware is here to stay. As with other forms of crime, the government can expect better outcomes by planning how to manage the issue over time rather than searching for quick and complete solutions.

Adapted from: https://www.atlanticcouncil.org/wp-content/uploads/2022/08/Behind_the_rise_of_ransomware.pdf

Text I

Behind the rise of ransomware

The story of the ransomware surge is the story of the discovery, professionalization, and growth of the targeted attack extortion model. Prior to 2016, most ransomware campaigns targeted a large and effectively random pool of end users. This “spray-and-pray” business model privileged quantity over quality, meaning ransomware actors spent less time focusing on how to apply pressure on a given victim and more time trying to reach as many victims as possible. Until the tail end of this period, ransomware did not generate enormous profits. Being a second-tier avenue of cybercrime, it failed to attract as much talent or activity as it would in the years to come.

Ransomware experienced its first period of significant growth between 2013 and 2016, when refinements to ransomware payloads, the emergence of virtual currencies, and enhanced anti-fraud measures from banks and cybersecurity vendors increased the profitability of digital extortion relative to other common avenues of cybercrime. What happened next remains unclear, but with more activity concentrating on ransomware, criminals appear to have learned how easy it was to extort organizations before piecing together how lucrative these attacks could be. Regardless, between 2016 and 2019, established cybercriminal gangs entered the targeted ransomware business en masse.

From that point until the summer of 2021, cybercriminals invested growing time and resources to improve the targeted extortion model. During this period, digital extortion became more profitable because cybercriminal gangs and cybercrime markets reoriented around a near limitless demand for targeted ransomware. Moreover, as criminals learned how to best extract revenue from victims, they launched increasingly disruptive ransomware attacks.

[…]

Even though it is tempting to hope that we are just one diplomatic agreement, one technological leap, or one regulation away from its elimination, targeted ransomware is here to stay. As with other forms of crime, the government can expect better outcomes by planning how to manage the issue over time rather than searching for quick and complete solutions.

Adapted from: https://www.atlanticcouncil.org/wp-content/uploads/2022/08/Behind_the_rise_of_ransomware.pdf

Text I

Behind the rise of ransomware

The story of the ransomware surge is the story of the discovery, professionalization, and growth of the targeted attack extortion model. Prior to 2016, most ransomware campaigns targeted a large and effectively random pool of end users. This “spray-and-pray” business model privileged quantity over quality, meaning ransomware actors spent less time focusing on how to apply pressure on a given victim and more time trying to reach as many victims as possible. Until the tail end of this period, ransomware did not generate enormous profits. Being a second-tier avenue of cybercrime, it failed to attract as much talent or activity as it would in the years to come.

Ransomware experienced its first period of significant growth between 2013 and 2016, when refinements to ransomware payloads, the emergence of virtual currencies, and enhanced anti-fraud measures from banks and cybersecurity vendors increased the profitability of digital extortion relative to other common avenues of cybercrime. What happened next remains unclear, but with more activity concentrating on ransomware, criminals appear to have learned how easy it was to extort organizations before piecing together how lucrative these attacks could be. Regardless, between 2016 and 2019, established cybercriminal gangs entered the targeted ransomware business en masse.

From that point until the summer of 2021, cybercriminals invested growing time and resources to improve the targeted extortion model. During this period, digital extortion became more profitable because cybercriminal gangs and cybercrime markets reoriented around a near limitless demand for targeted ransomware. Moreover, as criminals learned how to best extract revenue from victims, they launched increasingly disruptive ransomware attacks.

[…]

Even though it is tempting to hope that we are just one diplomatic agreement, one technological leap, or one regulation away from its elimination, targeted ransomware is here to stay. As with other forms of crime, the government can expect better outcomes by planning how to manage the issue over time rather than searching for quick and complete solutions.

Adapted from: https://www.atlanticcouncil.org/wp-content/uploads/2022/08/Behind_the_rise_of_ransomware.pdf

Text I

Behind the rise of ransomware

The story of the ransomware surge is the story of the discovery, professionalization, and growth of the targeted attack extortion model. Prior to 2016, most ransomware campaigns targeted a large and effectively random pool of end users. This “spray-and-pray” business model privileged quantity over quality, meaning ransomware actors spent less time focusing on how to apply pressure on a given victim and more time trying to reach as many victims as possible. Until the tail end of this period, ransomware did not generate enormous profits. Being a second-tier avenue of cybercrime, it failed to attract as much talent or activity as it would in the years to come.

Ransomware experienced its first period of significant growth between 2013 and 2016, when refinements to ransomware payloads, the emergence of virtual currencies, and enhanced anti-fraud measures from banks and cybersecurity vendors increased the profitability of digital extortion relative to other common avenues of cybercrime. What happened next remains unclear, but with more activity concentrating on ransomware, criminals appear to have learned how easy it was to extort organizations before piecing together how lucrative these attacks could be. Regardless, between 2016 and 2019, established cybercriminal gangs entered the targeted ransomware business en masse.

From that point until the summer of 2021, cybercriminals invested growing time and resources to improve the targeted extortion model. During this period, digital extortion became more profitable because cybercriminal gangs and cybercrime markets reoriented around a near limitless demand for targeted ransomware. Moreover, as criminals learned how to best extract revenue from victims, they launched increasingly disruptive ransomware attacks.

[…]

Even though it is tempting to hope that we are just one diplomatic agreement, one technological leap, or one regulation away from its elimination, targeted ransomware is here to stay. As with other forms of crime, the government can expect better outcomes by planning how to manage the issue over time rather than searching for quick and complete solutions.

Adapted from: https://www.atlanticcouncil.org/wp-content/uploads/2022/08/Behind_the_rise_of_ransomware.pdf