So as we review the last year and really the last few years – what has changed in the last 10 years in the decade of the 2010’s.
There are many ransomware timelines – like at TCDI.com
But what is the meaning of the ransomware review as we look at the last 15 years? They started out slow the criminals, the first ones were clunky and not very good. In fact they didn’t even work, but year after year there were improvements and soon enough a breakthrough:
2014 with Cryptowall produced a large amount of revenue for the criminals (325$ million is the estimate). Other things happened, but this was the major event because now there is a “criminal business” with a budget and employees and more. The underworld also has ways to hide in the shadows, and other things that happened of note is the reduction of needing to be a master hacker specialist to attack people. Some criminal enterprises created online marketplaces to sell their ‘wares’ and ‘services’
for example cardingworld.cc (as discussed in KrebsonSecurity.comKrebsonSecurity.com:
So in 2014 there was a perfect storm of criminal elements and once $325 million were received, the next year and the next has to be more right?
So now we have a very sophisticated attacker set on making more money using sophisticated ransomware that will likely change every year. And the entry into “new business” of making money with ransomware is easier than ever. Since now one can buy a ransomware technology, the support infrastructure, and then all one has to do is find the ‘suckers’ that will have to pay up. Well here is where one either sends out spam or other ways of hacking people. If more people would do what is good for defense this would be hard, but since we have a significant amount of people not paying attention there are plenty of targets out there.
The ROI on ransomware is 1425% as per Darkreading article.
Think about this now what happens if there are plenty of targets and 1425% return on investment(ROI). There are going to be lots and lots of competitors. And that is exactly what has happened in the last few years.
You must have your act in gear and at least have the 12 PCI compliance pieces in place to defend yourself. https://oversitesentry.com/small-company-cybersecurity-basics-pci-compliance/
Contact Us to discuss your situation