Anyone can buy a ransomware program for as little as $66 or hire a cybercriminal for $250. If you spend more time searching on underground forums, you can even get a kit for phishing attacks for free. While such illegal methods may be inexpensive, the damage they cause can be significant.
The low cost of malware is one of the reasons for the increase in the number of cyber incidents. Phishing has become more popular than ever. According to the FBI’s Internet Crime Complaint Center (IC3), the number of phishing complaints in 2020 more than doubled compared to the previous year, reaching 241,342 cases. The number of phishing sites also hit a record in 2020: 2 million, the largest figure in the last decade.
Phishing kits are ZIP files with all the scripts needed to carry out the attack. Such kits allow anyone with minimal programming skills to conduct massive extortion campaigns. In 2019, the average price of a phishing kit was $304, and prices ranged from $20 to $880.
According to the IBM Cost of a Data Breach report, in 2021, ransomware attacks cost companies an average of $4.62 million (not including the ransom demanded). While ransomware makes headlines, other, more sophisticated attacks show how far attackers will go to achieve their goals. For example, Lithuanian citizen Evaldas Rimasauskas, together with his accomplices, created a fake company to impersonate Quanta Computer, a Taiwanese business partner of Google and Facebook. The fake company sent out phishing emails with fake invoices attached. The fraudsters tricked Google and Facebook into transferring more than $100 million to bank accounts in Latvia and Cyprus.
Phishing accounts for 42% of ransomware infections. Another 42% of ransomware attacks occur through open Remote Desktop Protocol (RDP) services. Attacks on RDP services rely on brute force, weak credentials or phishing to obtain legitimate credentials.