🎙️ Chester Wisniewski is a principal research scientist at cyber-watchdog Sophos. We got Wisniewski’s take on where this 21st-century crimewave could be headed and what the biggest dangers of cybercrime are in 2022 and beyond.
Wisniewski works to help companies resist the onslaught of cyberattacks from ransom-hungry criminals. And those attacks just keep on coming…
With losses from ransomware attacks estimated in the multimillions and the tools to conduct them easily available, cybercriminals are queuing up to get a slice of the ill-gotten gains, an Infosecurity veteran is warning.
Wisniewski warns that much of the tens of millions of dollars in extortion that Sophos has witnessed is being raked in by smaller groups mounting stealth attacks on easier targets.
Affiliates often participate in multiple ransomware groups, so it’s not even really possible to survey the landscape to tell the size, but I think it’s going to remain somewhat small because that’s where they’re having the most success. When they grow too big is when somebody turns on them or steals the money – or the people at the top just decide they’re rich enough and walk away.
Is there really any pattern to the modus operandi of ransomware groups as a whole, or does it just depend on what the individual ringleaders decide?
The truth is, we haven’t really seen any change. How much money you have determines how sophisticated the attackers might be – but we’re seeing everything from 15-person companies regularly getting hit. Obviously, those companies aren’t paying million-dollar ransoms, they’re not headlines, but that’s not stopping smaller groups from targeting them for $10,000 or $15,000.
🎙️ The unsettling trend in ransomware crime:
One is still the ignorance of organizations: thinking they won’t be targeted despite the fact that they haven’t done any of the basics correctly.
If somebody drops out because they retired, there’s more than enough people standing in line to take their spot. We’re talking about probably a billion-plus dollars: it’s impossible to know the [total worldwide] amount of ransoms being paid, but just on what we witness, it’s very easy to say it’s tens of millions. I can see that much flowing myself, it’s a heck of a lot of cash.
🎙️ The bottom line of ransomware gangs & phishing attacks:
Human vulnerability is what all cybercrime is about. The reason we fall for phishing attacks isn’t because we’re stupid, it’s because we had a long day and just got a call that our kid is sick and we have to leave early to pick them up – and then that email comes in, and we click the link because we just weren’t paying attention. Most of our problems in cybercrime come from human psychology and frailty in the end. These guys monetizing that just shows ethically where they’re at.