The malware industry is part of this new, organized crime, and "organized" is an important part of the story to understand. The dark side of the internet is more rational than most of us realize, and it follows basic economic principles. According to the 2017 Data Breach Investigations Report (DBIR) from Verizon, 93 percent of breaches have financial or espionage-related motives, meaning cybercriminals now have a clear incentive to become more effective and more dangerous.
As they say, there is honor among thieves. To this end, it is incumbent on cybercriminals to behave professionally: victims need to know that the risk of paying a ransom and not receiving a valid decryption key is relatively low. Ransomware creators want to maintain good reputations; otherwise future victims will be less likely to pay. It is also important to understand that the supply chain of ransomware is not as simple as most people think. Chances are that your computer was infected by a botnet run by one cybercriminal group or another, which was hired by a second criminal to deliver a payload bought from a third criminal (and that payload might have included an exploit bought from somewhere else). If the distributors cannot trust the ransomware creator, they will simply switch to another vendor. Many of these networks are well organized and even offer professional helpdesk assistance. If this is new to you, I highly recommend the book Spam Nation by Brian Krebs.
Now, how might ransomware authors evolve in the next generation? Let's apply some economic principles to see how they might increase their impact. Their goal is to find the ransomware equilibrium, the highest price that victims are willing to pay, and then to find any variables that can move that equilibrium further in the malware authors' favor.