The online crime landscape is broad and varied, but ransomware attacks, both random and targeted, continues to be the major threat for consumers and businesses alike, a new report from Europe’s largest law enforcement agency shows.
In its annual Internet Organized Crime Threat Assessment, released this week, Europol said that while the growth in ransomware attacks is beginning to slow, it is still the dominant cybercrime in reports from law enforcement and industry organizations. The past year has seen a number of major ransomware-related attacks, most notably the WannaCry outbreak and the NotPetya attack, which used ransomware as a disguise for a destructive data-wiping campaign. Both of those attacks caused tremendous damage and financial losses for victimized organizations.
“The WannaCry and NotPetya attacks of mid-2017 were of an unprecedented global scale, affecting an estimated 300 000 victims worldwide, in over 150 countries, with the WannaCry attacks alone estimated to have cost global economies in the region of USD 4 billion,” the Europol report says.
“Within the EU, the attacks affected a wide range of key industries and critical infrastructures including health services, telecommunications, transport and manufacturing industries. Later in the year, the Bad Rabbit ransomware hit over 200 victims in Russia and Eastern Europe, again affecting critical infrastructures such as healthcare, transport and financial sectors.”
The majority of ransomware campaigns are run by either individual cybercriminals or loosely organized groups that hit targets of opportunity. They’re looking for quick payoffs from as many victims as possible, and some of those groups have had significant success. Others sell their ransomware and payment infrastructure as a subscription service to individual criminals. But higher-level operators, including those believed to be responsible for NotPetya and WannaCry, are beginning to use ransomware in carefully targeted attacks, sometimes developing custom variants for specific operations.
“The WannaCry and NotPetya attacks of mid-2017 were of an unprecedented global scale."
Some EU states “report that campaigns are customised or tailored to specific companies or individuals, suggesting a more organised or professional attack. As we have seen with other cyberattacks, as criminals become more adept and the tools more sophisticated yet easier to obtain, fewer attacks are directed towards citizens and more towards small businesses and larger targets, where greater potential profits lie,” the report says.
If ransomware is the present, malicious cryptominers may be the future. Some legitimate sites have turned to using in-browser mining of cryptocurrencies such as Monero as a way to earn revenue. But there are also many variants of malware that hijack users’ browsers or install miners on their machines in order to mine Bitcoin or Monero. This tactic is less risky for attackers and potentially more profitable, as it doesn’t rely on victims to actually pay.
“Such attacks are infinitely more appealing to cybercriminals wishing to keep a low profile, requiring little or no victim engagement and, at least currently, minimal law enforcement attention (with browser based mining not actually being illegal),” the Europol report says.
“Given that during 2017 Bitcoin prices reached a value of almost EUR 17 000 and the more easily mineable Monero reached almost EUR 400 (per coin), the risk vs reward clearly favours cryptomining, given that a typically quoted ransomware payment is around EUR 250.”