Ransomware is one of the most devastating threats in the contemporary digital landscape. In Australia, more than 865 documented attacks against organizations in Canada, New Zealand, and the United Kingdom were detected. These attacks had one particular feature: they were carried out by criminal groups, better known as ransomware gangs.  

What is ransomware?

Ransomware (from the English words “ransom” and “ware,” short for software) is a type of malicious program that restricts access to certain parts or files of the infected operating system and demands a ransom in exchange for removing this restriction.

Behind this blackmail tool are ransomware groups, companies that use advanced cryptovirus techniques to encrypt victims' data systems while demanding payments in cryptocurrency for encryption keys.

These criminal enterprises have evolved from simple encryption-based extortion to complex double and triple extortion schemes, where attackers not only encrypt data but also threaten to sell or expose information.  

What are RaaS services?

These ransomware groups purchase services known as RaaS (Ransomware as a Service). This business model consists of renting or selling software to cybercriminals, known as affiliates. This model allows even those without technical expertise to launch attacks. RaaS is interpreted as “the democratization of sophisticated tools.”

Analysts at the Australian Institute of Criminology (AIC) identified that it allows cybercriminals to move fluidly between different ransomware organizations, quickly adapting to market pressures and opportunities.

The data shows that groups that adopted RaaS models and maintained continuity achieved significantly higher attack rates than traditional operations. The encryption process uses military-grade cryptographic algorithms.

This increase in service contracting shows that organizations are more likely to pay ransoms to restore production capabilities quickly. 

How can we take action?

Research by the Australian Institute of Criminology emphasizes that, to contribute to this deeper analysis, we must stress the need for better collaboration between government and researchers, especially in relation to data sharing, and the critical importance of multidisciplinary research collaborations. 

In an international context of growing cyberattacks, CSRITs are fundamental in protecting citizens, institutions, and, consequently, businesses.