Abstract

Cyberattacks, and thus cybersecurity risks, have accelerated over the past years. Cyberattacks are based on threat event attack types, as described in Chap. 2. Among these threat event attack types, ransomware is probably the No. 1 challenge that industrial, public, and private organizations are facing. Ransomware is a type of malware that typically locks the data on a targeted computer system or a user’s files by encryption. This cyberattack demands a payment (ransom) before the ransomed data is decrypted and access is returned to the targeted user, but ransomware comes in many forms. In this regard, ransomware is a type of malware used by cybercriminals for financial gain. Typically, a ransom note is installed on a targeted computer system at the same time the data/files are encrypted. The note includes information on the ransom demands, meaning the amount of ransom, a deadline for payment, and instructions on how to reach the cybercriminals and pay the ransom, providing details on the cryptocurrency wallet or other wiring information to complete the transaction. In this context, ransomware is a two-step extortion: Step 1 is to encrypt and extract the data/information; Step 2 is to negotiate the ransom. However, over the past years, ransomware has evolved into Ransomware-as-a-Service (RaaS), because ransomware has proven to be an effective approach for cybercriminals to hit it big, in terms of both payouts and notoriety. One of the cases was the 2020 SolarWinds supply chain attack. Cybercriminals targeted SolarWinds by deploying malicious code into its Orion IT monitoring and management software platform, used by thousands of industrial organizations and government agencies worldwide, which created a backdoor through which cybercriminals could access the targeted organizations’ systems and impersonate their users and accounts.
The SolarWinds supply chain attack was a major cybercriminal event because it was not a breach of a single company; it triggered a much larger supply chain incident that affected thousands of organizations, including the US government. In this cyberattack, the cybercriminals used tools that had been in use for many years, developed them further, and adapted them with new attack patterns, and the cybercriminals hit it big in terms of payout and notoriety. Such ransomware attacks led to an evolution that capitalizes on a growing number of cybercriminals who want to get in. These successful cybercriminals started as cybercriminal entrepreneurs offering RaaS, which makes carrying out ransomware attacks much easier for other cybercriminals, lowering the barrier to entry and expanding the reach of ransomware. In this cybercriminal business model, the RaaS entrepreneur gains a percentage of the ransom paid to the new cybercriminal or group of cybercriminals who use RaaS under a license model to attack organizations for a ransom. Against this background, Chap. 6 introduces ransomware attacks and the ransomware landscape in Sect. 6.1, whereas Sect. 6.2 focuses on ransomware attacks and scenarios in Sect. 6.2.1 and on ransomware attacks on OT systems in Sect. 6.2.2. Section 6.3 covers the Cost Factors of Ransomware Attacks (CFoRA) and introduces a useful design of the Recovery Point Objective (RPO) and Recovery Time Objective (RTO) approaches in Sects. 6.3.1, 6.3.2, and 6.3.3. The focus in Sect. 6.4 is on Loss of Reputation (LoR) and how to prevent it. Section 6.5 contains comprehensive questions on the topics of ransomware, Cost Factors of Ransomware Attacks, and Loss of Reputation through ransomware attacks. Finally, “References” lists the references used, for further reading.
