Expert in directing all internal and external IT risk/cyber/information security functions and managing global implementation to optimize system stability, functionality, and interoperability.
Board member for the International Consortium of Minority Cybersecurity Professionals.
Ransomware-as-a-Service (RaaS) has gone nuclear. Instead of working in silos, threat actors have effectively built an entire economy of scale around ransomware. The division of labor in cybercrime lends itself to skill specialization: some focus on malware development; others concentrate on breaching enterprise defenses and deploying the ransomware itself. There's even an emerging underground market that simply sells initial access to large enterprises for the explicit purpose of enabling ransomware! RaaS puts multi-million-dollar extortion schemes well within reach of less technically savvy threat actors. At the same time, the masterminds behind the ransomware become further detached from the actual intrusions but profit all the same.
This presents a nightmare scenario for researchers and law enforcement trying to stem the tide of ransomware attacks. Rather than focusing on one group or individual, defenders must instead fight against an entire ecosystem of malware developers, maligned "pentesters", and initial access brokers who are all working in concert. It is not uncommon for these cyber-mercenaries (so-called "affiliates") to participate in multiple RaaS schemes at once. Perhaps most troubling, these affiliates are not always the financially motivated criminals they seem to be. Ransomware can easily become a smokescreen for nation-state-sponsored espionage or cyberwarfare given its proclivity for data theft and its knack for societal destabilization as essential services are rendered unavailable. With all this considered, cyber-attacks will have the world’s attention again next year, even more than we’ve seen in years past. And the demand for much more sophisticated cybersecurity and Ransomware-as-a-Service (RaaS) solutions will triple – the onus is on each organization to be prepared.

7 January 2022