Ransomware driving professionalization of cyber crime

Press Release  |  May 25, 2023

WithSecure report highlights a security incident involving five different groups as evidence of an increasingly professional, service-oriented cyber crime industry.

Helsinki, Finland – May 25, 2023: The success of ransomware gangs has spurred a significant trend of professionalization amongst cyber criminals where different groups develop specialized services to offer one another, according to a new report from WithSecure™ (formerly known as F-Secure Business).

Ransomware has been around for decades, but the threat has continuously adapted to improvements in defenses through the years. One notable development is the current dominance of multi-point extortion ransomware groups, which employ several extortion strategies at once (usually both encryption to prevent access to data and stealing data to leak publicly) to pressure victims for payments. 

According to an analysis of over 3000 data leaks by multi-point extortion ransomware groups, organizations in the United States were the most common victims of these attacks, followed by Canada, the United Kingdom, Germany, France, and Australia. Taken together, organizations in these countries accounted for three-quarters of the leaks included in the analysis.

The construction industry seemed to be the most impacted and accounted for 19% of the data leaks. Automotive companies, on the other hand, only accounted for about 6%. A number of other industries sat between the two due to ransomware groups having different victim distributions, with some families targeting one or more industry disproportionately to others.

While the threat of ransomware has inflicted considerable pain on organizations in different countries and industries, its transformative impact on the cyber crime industry cannot be overstated.

“In pursuit of a bigger slice of the huge revenues of the ransomware industry, ransomware groups purchase capabilities from specialist e-crime suppliers, in much the same way that legitimate businesses outsource functions to increase their profits,” explained Senior Threat Intelligence Analyst Stephen Robinson. “This ready supply of capabilities and information is being taken advantage of by more and more cyber threat actors, ranging from lone, low-skilled operators, right up to nation state APTs. Ransomware didn't create the cyber crime industry, but it has really thrown fuel on the fire.”

In one notable example highlighted in the report, WithSecure™ investigated an incident that involved a single organization compromised by five different threat actors, each with different objectives and representing a different type of cyber crime service:

  •  The Monti ransomware group
  • Qakbot malware-as-a-service
  • A cryptojacking group known as the 8220 Gang (also tracked as Returned Libra)
  • An unnamed initial access broker (IAB)
  • A subset of Lazarus Group, an advanced persistent threat associated with North Korea’s Foreign Intelligence and Reconnaissance General Bureau

According to the report, this professionalization trend makes the expertise and resources to attack organizations accessible to lesser-skilled or poorly resourced threat actors. The report predicts that it is likely that the number of attackers and size of the cyber crime industry will both grow in the coming years.

“We often talk about the damage ransomware attacks cause to the victims. Less attention is paid to how ransom payments provide additional resources to attackers, which has encouraged the professionalization trend described in the report. Near-term, we’re likely to see this changing ecosystem shape the resources and type of attacks facing defenders,” said WithSecure Head of Threat Intelligence Tim West.

The full report, The Professionalization of Cyber Crime, is available at https://www.withsecure.com/en/expertise/research-and-innovation/research/the-professionalization-of-cyber-crime.

More information on ransomware is available at https://www.withsecure.com/en/expertise/blog-posts/ransomware-profits-are-transforming-cyber-crime.

WithSecure™ media relations
Adam Pilkey

About WithSecure™

WithSecure™, formerly F-Secure Business, is cyber security’s reliable partner. IT service providers, MSSPs and businesses – along with the largest financial institutions, manufacturers, and thousands of the world’s most advanced communications and technology providers – trust us for outcome-based cyber security that protects and enables their operations.

Our AI-driven protection secures endpoints and cloud collaboration, and our intelligent detection and response are powered by experts who identify business risks by proactively hunting for threats and confronting live attacks. Our consultants partner with enterprises and tech challengers to build resilience through evidence-based security advice. With more than 30 years of experience in building technology that meets business objectives, we’ve built our portfolio to grow with our partners through flexible commercial models.

WithSecure™ Corporation was founded in 1988, and is listed on NASDAQ OMX Helsinki Ltd.