My TechDecisions


Tenable: Ransomware-as-a-Service is Booming

A new report from Tenable details the lucrative ransomware industry and how cybercrime has matured into a business-like ecosystem.

June 22, 2022 Zachary Comeau


The subscription economy adopted by the software industry is growing ransomware from what was once a fledgling threat to an IT security crisis as ransomware groups continue to pad their wallets and grow the ransomware-as-a-service economy, according to a new report from Tenable.

According to the Maryland-based vulnerability management software company, that service model is lowering the barrier to entry and creating a massive cybercrime economy that includes ransomware developers, initial access brokers and other affiliates.

In a new report on the growth of the ransomware industry, Tenable says ransomware groups earned a whopping $692 million in 2020 alone, which was good for a 380% increase over the previous six years combined.

With limited visibility into the cryptocurrency wallets used by ransomware groups, Tenable believes those financial figures may be much higher.

“However, these numbers underscore one undeniable fact: ransomware has cemented itself as one of the greatest threats to global organizations today — and it has become a lucrative criminal ecosystem in the process,” the company’s report says.

The players in the ransomware economy

Tenable’s report describes the ransomware-as-a-service economy, detailing how initial access brokers (IABs) gain access to organizations’ networks and maintain persistence, selling access to other cybercrime groups. These prices are generally affordable, ranging on average from $303 for control panel access to nearly $10,000 for remote desktop protocol (RDP) access.

Ransomware affiliates leverage these actors to help expedite their efforts to infect organizations, reducing their need to find ways into their victims’ networks in the first place. Some of these groups work independently, while others work closely with known ransomware actors.

Affiliates are the entities that compromise organizations by either purchasing access through IABs or conducting their own attacks, such as phishing, brute force or exploiting unpatched vulnerabilities.

According to the Tenable report, affiliates are the operators of the ransomware attack, and are often given a playbook of instructions from the ransomware developers on how to breach organizations. The ransomware-as-a-service model allows affiliates to work independently and deploy multiple ransomware strains.

Ransomware groups, meanwhile, are the creators of the ransomware, as well as the entities that host leak websites on the dark web and manage the negotiation process with each victim. They also conduct reverse engineering, administrative work and even human resources and recruitment.

Some currently well-known ransomware groups include Conti, REvil, BlackCat and others, but Tenable notes that these kinds of entities often disappear for unknown reasons or law enforcement action, but usually reappear under different names.

Extortion techniques run rampant

While that trend isn’t new, what has propelled the ransomware industry to new highs is the extortion tactics being used to compel victims to pay the ransom. These methods include using DDoS attacks, contacting customers and employees of ransomware victims, threatening to release data if law enforcement is contacted and the ransom isn’t paid, and threatening to use a disk wiper to destroy systems.

While phishing, brute force and leveraging vulnerabilities are common tools that any threat group might use to gain initial access to a network, ransomware groups have become known to leverage Active Directory to elevate privileges and move laterally across the victim’s entire network. Tenable’s report says this method typically includes the use of critical bugs such as Zerologon and PetitPotam.

This helps speed up the deployment of the malware, leading to the infection of an entire domain within just a few hours from the initial phishing email.

In its report, Tenable includes guidance on how to defend against ransomware, including common cybersecurity best practices such as using multifactor authentication, strong password policies and a robust patch management program.

However, the company also urges organizations to audit permissions for user accounts, harden RDP, strengthen Active Directory security, train end users and plan for ransomware attacks.

Read the company’s report for more information, including a list of dozens of vulnerabilities commonly exploited by ransomware actors.

© 2022 Emerald X, LLC. All rights reserved.