top of page

Understanding the wider criminal ecosystem that surrounds ransomware attacks

Updated: Dec 27, 2023

Ransomware attacks has increasingly become one of the most popular ways for cyber criminals to obtain pay-outs from organisations and capture and consequently leak sensitive data online. The NCSC have outlined in their white paper how due to the emphasis on ‘big game hunting’ (the targeting of larger organisations in cyber-attacks), the cyber-crime ecosystem and its inner workings, are important to understand.

Ransomware is adaptable within the cybercriminals marketplace which means that although it is often OCG’s that are involved in this crime, smaller criminal groups have started to work together to achieve higher extortion rates. As technology has developed and changed, so has the ecosystem around ransomware and extortion. For example, there are many models that cyber-criminals use to obtain ransomware such as by buying existing ransomware code, ‘in-house’ solutions where the same group conduct majority of the attack or the most frequently used model, ‘ransomware as a service’ (RaaS). This is typically a web portal which enables customers to change ransomware code and has features which allows local back ups to be deleted, hindering recovery of data.

As described, there are now multiple ways that criminals can obtain ransomware, showing how this threat is constantly evolving and adapting in order for the cyber-criminals to receive maximum profits. By understanding the wider ecosystem that surrounds the ransomware world, it shows how a holistic approach should be taken when trying to minimise potential attacks.

Although this means that ransomware attacks are on the rise due to the higher accessibility ransomware codes, it is important to understand that ransomware attacks are opportunistic, and organisations are often not targeted specifically by criminals groups.

It may seem tempting to cyber security departments to focus on specific ransomware strains that may pose a threat to a particular organisation. However due to the mass amount of potential ransomware attacks made available by the criminal ecosystem, it is counter productive. Ultimately following cyber security advice will implement measures that will interrupt the majority of attacks and hopefully deter further attempts; these attacks are not as sophisticated as they may seem.

The NCSC has further information on ransomware, including prevent and protect strategies that are likely to benefit businesses. Some of their advice includes:

  • Making regular back ups of data.

  • Blocking websites that are known to be malicious.

  • Actively inspecting content.

  • Provide security education and awareness training to staff.

For more details, check out the NCSC website to help protect your data.


bottom of page