Even cybercriminals need a digital home to operate out of, and within the past 12 months, domains that have been linked to ransomware schemes have increased by 3500 percent. Take a step back from a moment to let that sink in. That means that cybercriminals have found ransomware attacks so successful that they have more than doubled down their efforts and have truly set up shop in the internet.
The purpose of these domains is to act as a launching pad of sorts for the various malware that fraudsters use to commit their crime.
The domains not only host the malware but also serves as a communications relay center where information is sent from the end point (the victims system) back to the perpetrators system.
Server appliance vendor Infloblox credits the proliferation of the problem to the lack of protection and security measures that most companies employ and the fact that instead of working with authorities, the majority of companies that get hit by a ransomware merely comply with the hijacker’s demands. The frustrating thing is that ransomware is nothing new. It has been around for over a decade. While there is no “cure” once the ransomware hits your system, there are measures that business can take to decrease the risk of compromise or the risk of being held hostage over their data. Stricter security protocols, patching and updating software, and backing up data on a separate device, are all steps ensure that any ransomware attacks are unsuccessful. However, the sad reality is that few companies and even fewer personal users do this.
Surprisingly the UK has been revealed as a veritable warren of ransomware domains.
The UK along with countries like Russia, the Netherlands, Iceland and Portugal now host over 50 percent of all known ransomware domains on the planet. This is troubling on several levels as the UK has always been seen as the one of the most “western”, safest, stable and security minded countries, not only in the European Union, but among all nations of the world. However, according to Inflobox it is these very factors that attract cybercriminals. It seems that ransomware fraudsters also like the stability that nations like the UK can offer. The sophisticated and modern infrastructure that the UK is known for gives cybercriminals a safe haven to play in so long as they can worm their way in there. The ransomware attackers may not reside in the UK or keep their information in UK servers, but they purchase domains on those servers and use them to bridge the gap between their systems and their victims.
But the UK was not the first Western nation to be hit, not too long ago the majority of all ransomware domains resided in the USA, upwards of 72 percent. However, ransomware attackers are nothing if not versatile. They will continuously shift their domains residence to the host country that suits their needs the best. They are parasites. Smart, agile and ingenious parasites.
Yes, we should all be afraid.