Once ransomware became mainstream, cyber criminals focused their efforts on refining and enhancing their attacks in order to increase revenue. This included:
Branding: Savvy cyber criminals realized that people would only pay up if there was a high chance their data would be restored. As a result, a reliable decryption tool was essential for ransomware to be an ongoing revenue generator. At the same time, not all decryption tools were equal. Ransomware actors with an effective tool didn’t want to be tainted by association with less effective ones. This led them to use a marketing technique that’s been common practice in the commercial world for decades: branding. A quick internet search on a ransomware name informs the victim of the likelihood of getting their data back if they pay up.
Ransomware-as-a-service: Ransomware experts took advantage of the business opportunity by providing ransomware ‘packages’ to fellow crooks who lacked encryption knowledge and payment systems, but who were good at distributing threats. The service included the malware and back-end payment through a central site, in return for 30% of revenue received.
High-impact ransomware: Ransomware actors improved their return on investment (ROI) by targeting a small number of victims with crippling attacks. Targeted attacks required less effort and had less exposure, and by increasing the impact of the attack they also increased the victim’s propensity to pay.
At the same time, the cyber security industry was busy evolving its defensive technologies, identifying how to spot and block ransomware attacks in order to stay ahead of the cyber criminals.