Open source ransomware to come

The Babuk ransomware gang, which has only been in existence for a few months, has already announced plans to quit. They say they have hit their goals, specifically citing the breach of the Metropolitan Police Department. Their plan is to open source their malware.

Of course, there are always new gangs – N3TWoRM has launched, targeting Israeli companies starting last week. They’re following the pattern – a leak site to show stolen files to scare victims into payments.

Techniques are getting more inventive too – there’s a new research finding about using ICMP ping for command-and-control activities. Dubbed “Pingback”, this targets 64-bit Windows systems and uses DLL hijacking for persistence.

Why do we care?

It’s all in the strategy details. A ransomware gang doesn’t have to last long now to hit its business plan. This one is now boosting those who will come behind.

The extortion play is clearly systemized. Layer that in with the ease of acquiring the tools… it’s easy to see how this is such a growing business.

With that, it’s also easy to see the motivation to continue to innovate. Of course we see new techniques – the incentives are all there.

This only really stops when the incentive structure is changed. When it’s this easy and this successful, it will just keep coming.