"I've done a bit of deep-diving myself and found some technical stuff that the FBI didn't"

Wouldn’t it be nice to live in a world where things weren’t quite so crazy? No, I'm not talking about the fascinating real-world cartoon that is President Orange and his sidekick, Space Karen, but rather one where ransomware actors weren't still a massive threat to your networks, data, reputation and bank balance. But here we are.

Despite FBI disruption, hair-pulling and squabbling within criminal groups (Black Basta I'm looking at you) and a generally improved defensive posture against ransomware, the threat is not only evolving but surging.

One report, from a group of threat intelligence experts at Ontinue, revealed a 132% increase in ransomware attacks in quarter one of the year compared to the quarter before. This comes at the same time as the amount of money actually being paid to scumbag attackers dropping by 35%, no doubt in response to a harsher regulatory and legal playing field. When I spoke to Casey Ellis, the founder of the Bugcrowd bug bounty hacking platform, he warned that “the ransomware business model is an arms race, and threat actors are nothing if not adaptable.” Sadly, he is far from being wrong.

Ransomware as a service

Which is where Medusa enters stage left. As well as the ransomware threat seeing a bulk shift from network lockdown to data exfiltration, there has been a shift behind the scenes in the way the criminals operate.

One of the biggest evolutionary moves has been towards providing ransomware-as-a-service models. To explain, the more “traditional” model involves the developer (and therefore the brains behind the operation) taking a slice of the victim payment pie while the affiliates who do the attack donkey work grab an even bigger chunk of the ill-gotten gains.