It seems like there is a natural progression to the way technological advancements move. First, someone develops a new form of technology. Then, someone finds a way to monetize that technology and turn a profit. And then, someone eventually comes along to find a way to illegally make money off of the technology. Unfortunately, the ransomware and other computer viruses that have been developed by individual hackers are now starting to “go mainstream” as non-computer-savvy organized criminals look to make money in this field.
The new term that will probably become as popular as ransomware within the next year is “cybercrime-as-a-service.” This is where a non-tech criminal can purchase malware and ransomware on the dark web. They can then use these viruses to make money on their own, without really having the know how to create the virus in the first place. When it comes to ransomware, the criminal will purchase the program from a hacker on the dark web and then use it against a major entity—a hospital, for instance. Then, the criminal is able to collect the ransom from the victim and the original hacker is often able to earn a commission on the ransom.
A good case in point is the recent discovery of the ShurL0ckr ransomware. This particular program claims to be able to bypass detections on cloud platforms. In fact, this malware has recently been peddled on the dark web for criminals to buy and use even though they may not be tech-savvy enough to really know how it works. The hackers who sell the product are using a turnkey service to allow them to earn commissions off of the ransoms paid out.
Even more troubling is the realization that this is targeting cloud users; 44% of businesses using clouds have been hit with some form of malware. This underscores the fact that the dark web is being used to sell data as well as the programs to help criminals. In fact, one recent study has shown that individual pieces of data, such as social security numbers, are selling for less than a dollar. It is the ability to steal large numbers of these where criminals can really earn money.
So, in the wake of these major security breaches and threats, the takeaway is that best practices need to be reinforced. This means backing up files regularly, keeping your network and all computers updated regularly with security patches, and ensuring that employees are following standard security protocols. The sheer number of possible attacks almost guarantees that this year will see an increase in criminal activity.