Ransomware Ecosystems and Trends

Duration: 60 Minutes
Recorded on: 2022-04-26

When we think of law enforcement, we often associate it with tactical skills, public service, and keeping the peace in the community. But with continuous technological advances in society and the bad guys leveraging online spaces for criminal activities, law enforcement is adapting to build a working knowledge of cybercrime, which includes ransomware.

Special Agent (SA) Daniel Donahue leads this introductory discussion on ransomware for law enforcement. He has been with Homeland Security Investigations (HSI) since 2015 and has been assigned to cyber investigations since 2018. He is currently the Program Manager of the Network Intrusion Section of the HSI Cyber Crimes Center.

Specifics of his discussion include:

  • An overview of the HSI Cyber Crimes Center, the different units housed within it, and the work it is involved in, particularly ransomware investigations.
  • Ransomware 101: Its working definition and the origins and development of ransomware through the years.
  • The cybercrime ecosystem that allows different forms of cybercrime including ransomware to proliferate.
  • The ransomware ecosystem that looks into the different actors involved in executing a ransomware attack and following up with victims to pay the ransom.
  • A glimpse into cybercrime groups, their organizational structure, tactics, and the recommended approach for law enforcement to better manage these criminal actors.
  • A step-by-step look into the anatomy of a ransomware attack from delivery to encryption.
  • Some of the most prolific ransomware groups, and the dynamics of the actors within their structures when a group is shut down by authorities.
  • Facts and figures that demonstrate…
    • The prevalence of ransomware attacks and the entities targeted.
    • The inaccuracy of available data which makes it challenging to truly understand the scope of the problem.
    • The opportunistic nature of ransomware attacks and the strategy often employed.
    • The common sectors and industries that are targeted by specific ransomware groups.
    • The estimated value that ransomware groups earn and organizations lose from these attacks.
  • Unpacking the double extortion strategy employed by ransomware groups where the targeted organization ends up losing either way.
  • How ransomware-as-a-service programs operate.
  • The most common ransomware attack vectors.
  • What ransomware looks like and the elements included in a ransom note or lock screen that provide the targeted entity with instructions on how the ransom can be paid.
  • Ransomware actors in the media: Sharing their scare tactics, schemes, and operations to the public.
  • Resources to help organizations prevent ransomware attacks and effectively manage when an attack happens to them.
  • Strategies that law enforcement actors can implement in their efforts to deter and better handle and investigate ransomware-related cases.
  • HSI’s Operation Cyber Centurion initiative that proactively identified and notified companies that are potentially vulnerable to ransomware attacks to mitigate damage.

Points raised during the Q&A are about:

  • How cybercrime is committed on the dark web as well as on the “regular internet”.
  • The security level of cloud-based systems.
  • Vulnerability of mobile devices to ransomware and how it may impact work systems.
  • Recommended VPNs to use.
  • Prevalence of ransomware on Mac-based systems.


Audience Comments

  • “I didn’t realize how prevalent it is and the damage caused.” — Zenaida
  • “It’s just nice to have the training to have a wealth of continued information.” — Terry
  • “Different ransomware titles and their capabilities in integrating and infecting software and computer systems globally.” — Wade
  • “I really appreciated the information that some ransomware teams would help victims if they deemed them worthy. The examples of decrypting ransomware on health systems and nursing homes proved valuable since I work for a non-profit that assists the elderly. It’s another option, definitely not the first, but it is something to keep in mind.” — Darren
  • “I was not aware that the criminals had such organized ways of extorting money and that they even had customer service departments. Very interesting!” — Cheryl

