The Near and Far Future of Ransomware Business Models

This research paper explores the position of ransomware in cybercrime and what would trigger changes in ransomware business models. Ransomware has evolved into a malware used to cause major problems for enterprises, governments, healthcare, and critical infrastructure, but other cybercriminal business models — ones that can generate significantly more illicit profit — raises an interesting question: what would make ransomware actors change their criminal business models?

Geopolitical events, like Russia’s invasion of Ukraine in 2022, can trigger or force ransomware actors to change. The trigger for ransomware actors can also come from both combative and defensive strategies by law enforcement, government, and private industries: cloud adoption, hardening networks, arrests, sanctions on cybercriminal gangs and facilitating services, and the regulation of cryptocurrency to make it more difficult to launder money.

We believe that most of these strategies will lead to gradual changes in ransomware, like the usage of more zero-day vulnerabilities in the initial access phase, better operational security (OpSec), more automation to optimize revenues, increased targeting of Linux cloud servers and targeting of exotic platforms — all of which will be covered in more detail in this report.

Meanwhile, ransomware actors will only start to rethink their business and make drastic changes when they are pushed harder or realize there is much more money to be made elsewhere. For example, actors can abandon ransomware and use other more profitable payloads in the kill chain while still leveraging many of their core specialist skills. This report will detail scenarios that include the following:

• Theft of intellectual property and other sensitive data
• Business email compromise
• Stock manipulation schemes, such as “short and distort”
• Theft of cryptocurrencies at scale

Moreover, ransomware actors are likely to move and be more active in cryptocurrency theft and fraudulent schemes with crypto assets, especially once they realize how profitable these schemes are. Illicit profits in cryptocurrency are expected to grow because of the popularity of bitcoin and upcoming technologies like Web3 and the metaverse…