Ransomware: A Market Problem Deserves a Market Solution

R Evil is an excellent choice for a villain’s moniker. Revil. It’s both evil and amusing. I can see Black Widow, Hulk, and Spider-Man banding together to overthrow REvil Incorporated’s leadership. The criminal organization known as REvil may have been responsible for ransomware assaults against hundreds of small businesses around the world last summer, but the ransomware problem is much larger than REvil, LockBit, or DarkSide. Although Ravil has vanished from the internet, the ransomware problem continues.

Ravil is a symptom, not the root of the problem. I tell Tony Stark and the rest of the Avengers to go beyond any single criminal organization because there is no single evil mastermind. Ransomware is the most recent in a 50,000-year history of minor crooks devising get-rich-quick scams.

The lack of centralized control is to blame for the tremendous increase in ransomware attacks. Last year, over 304 million ransomware assaults affected organizations around the world, with average expenses exceeding $178,000 per incident. Technology has created a market in which a large number of petty offenders may make a lot of money quickly. A market-based approach is the greatest method to combat this type of threat.

The rise in ransomware attacks around the world reflects a tremendous “dumbing down” of criminal behavior. People trying to make an illegal buck now have a lot more possibilities than they did even two years ago. People who lack technological skills can take your data, hold it for ransom, and force you to pay a ransom to get it back. Law enforcement has yet to respond to this type of cybercrime and large, sophisticated criminal networks have yet to figure out how to keep up with the invading newcomers.

The “as a service” economy is to blame for the rise in ransomware attacks. We’re talking about RaaS, or ransomware as a service, in this case. This works because the increased sophistication afforded by the division of labor and specialization improves each operation in the ransomware chain. Someone identifies a weak spot in the system. Outside of the domain of competent law enforcement, someone offers bulletproof infrastructure. The malicious code is provided by someone.

The players don’t know each other’s names when they meet. Mr. Pink, Mr. Blonde, and Mr. Orange no longer need to meet in person because task coordination has become simple. Because of the quick pace of technical advancement, a decentralized market emerged, allowing amateurs to engage in high-value criminal activity.

In the same way that there is a gig economy in the legitimate corporate sector, there is one in the underworld. Despite being an economist, I’ve founded two profitable software startups. I use open source software and cloud computing to rent infrastructure.