3rd Party Risk Management , Business Continuity Management / Disaster Recovery , Critical Infrastructure Security

Ransomware Evolves: Affiliates Set to Wield Greater Power

Operators Left Exposed After Overreaching, Says McAfee Enterprise’s John Fokker
John Fokker, principal engineer and head of cyber investigations for Advanced Threat Research at McAfee Enterprise

How is the ransomware ecosystem set to evolve?

See Also: Live Discussion | Securing Business Growth: The Road to 24/7 Threat Detection and Response

Since ransomware-wielding attackers overreached - in particular after DarkSide hit Colonial Pipeline this past summer - the administrators of those groups have been banned from leading cybercrime forums, says John Fokker, the principal engineer and head of cyber investigations for Advanced Threat Research at McAfee Enterprise. And that change has affected ransomware operators' ability to recruit affiliates via forums and to use their malware against victims in exchange for a cut of every ransom a victim paid.

As a result, "what we're seeing, and what we think is going to happen, is that there is going to be a power balance shift," Fokker says. As detailed in a new ​report he co-authored, McAfee Enterprise predicts that experienced affiliates will more often be calling the shots and selling access to a victim to the highest ransomware operation bidder. Unfortunately, he adds, this more decentralized approach may also make it much more difficult to track ransomware operations, not least for law enforcement agencies.

In a video interview with Information Security Media Group, Fokker discusses:

  • How and why the ransomware-attacker balance of power has been shifting to favor affiliates;
  • Attackers' ongoing use of business email compromise and CEO fraud;
  • Likely changes in extortion and data breach tactics being wielded by criminals.

Fokker is the principal engineer and head of cyber investigations for Advanced Threat Research at McAfee Enterprise. He was previously the project leader for the cybercrime threat intelligence team for the Dutch Police.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.