How commodification of tactics and techniques birthed an industrial revolution of global cybercrime.
At the RSA Conference in 2020, Joel DeCapua, a supervisory special agent with the Federal Bureau of Investigation (FBI), revealed that ransomware groups had collectively earned over $144 million from 2013 through 2019, which was considered a staggering number at the time. However, in 2020 alone, ransomware groups reportedly earned $692 million from their collective attacks, nearly five times more than in the previous six years combined.
These numbers are likely undercounts of the true figures because of a lack of insight into the cryptocurrency wallets used by all of the ransomware groups along with delays in receiving such data. However, these numbers underscore one undeniable fact: ransomware has cemented itself as one the greatest threats to global organizations today — and it has become a lucrative criminal ecosystem in the process.
Advanced persistent threat (APT) groups have long been considered by many to be the most
dangerous threat to organizations. These groups focus more on cyberespionage and are less
financially driven, which limits their scope to a targeted set of organizations and governments.
Meanwhile, threat actors in the cybercrime world are primarily motivated by financial gain
because, as rapper DJ Quik says, “If it don’t make dollars, it don’t make sense.”