While the Resort Municipality of Whistler (RMOW) recently fell victim to a ransomware attack, such incidents are becoming increasingly common, according to cyber security experts.
Fortinet's FortiGuard Labs in Burnaby is seeing a vast increase in the rate and sophistication of ransomware attacks over the past year and a half, said Derek Manky, the company's chief of security insights and global threat alliances.
Ransomware first started becoming popular in about 2010, and for the better part of a decade the attacks were about hitting as many targets as possible, often aimed at smaller operations that could be extorted out of money in exchange for their data.
But because of how much the “gangs” have profited, “they’ve become more bold and brazen now,” Manky said. “They have more technology … their ransom techniques are stronger when it comes to encryption and cryptography. They have more means to move money through with the rise of cryptocurrency and crypto platforms.”
And with that sophistication has come an increase in targeted attacks such as the one the RMOW is experiencing.
Manky said FortiGuard witnessed a sevenfold increase in this type of activity in the second half of 2020 alone. While the company keeps active tabs on about 10 known ransomware gangs, Manky estimates there’s “at least 20 or 30 of these gangs now, that are growing in size.”
As ransomware attacks now represent an entire ecosystem—from hacking, to extortion, to those operating online marketplaces and the thousands of people purchasing stolen private information—“each gang can be up to 50 members now,” Manky said.
“And it’s creating actually a competitive landscape between the gangs, as well, in a sort of turf war.”
The good news is that the cyber security industry is working in collaboration with law enforcement agencies across the globe to address the growing threat, Manky said.
“Because of this industry collaboration and effort, there are actually … take downs that are happening; there’s been at least four of these gangs that have been targeted for take down in the last six months, which is very high activity,” he said, likening dismantling the operations to a “precision game,” much like disarming a bomb.
“If you don’t take it down right, they’re going to have other components so that they can resurrect it, and that’s the Whack-a-Mole part,” he said.
“They’ll set up shop somewhere else, obviously. If you’re not arresting them, they’re still out there and they’re going to come back with another plan of attack.”