Ahmad Faizun, Jakarta, 24 January 2022
“Ransomware keeps evolving, getting faster, smarter – and costlier – at every turn”
Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies that are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.
Starting as early as 1989 with the first documented ransomware known as the AIDS trojan, the use of ransomware scams has grown internationally. There were 181.5 million ransomware attacks in the first six months of 2018. This record marks a 229% increase over this same time frame in 2017. In June 2014, vendor McAfee released data showing that it had collected more than double the number of ransomware samples that quarter than it had in the same quarter of the previous year.CryptoLocker was particularly successful, procuring an estimated US$3 million before it was taken down by authorities, and CryptoWall was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over US$18 million by June 2015. In 2020, the IC3 received 2,474 complaints identified as ransomware with adjusted losses of over $29.1 million. The losses could be more than that according to FBI.
Now, the malware attack even more dangerous and vast growing. With the cloud technology becoming easy and accessible around the Globle. The perpetrator make it spread event faster by developing RaaS (“Ransomware as a Service”).
How does ransomware as a service work?
RaaS is all about providing ransomware in a software as a service (SaaS) model. At the top of the organizational hierarchy is the RaaS operator. This is the group that develops the ransomware payload that encrypts user data. They continuously develop new malware using the existing vulnerabilities in many system. The money generate from the ransomware is very generous and lucrative. They split the money from the victim between the agent who “sell” or put the malware in an Organization with the RaaS Operation as the inventor and operator of money laundering activities that coming from successful RaaS attack. Thus, making this is one of a very growing dark business.
The RaaS operator also operates all back-end infrastructure for running the ransomware campaign. That involves the ransomware code, a portal that enables potential customers to sign up and use the service and customer service to support campaigns. Full-service RaaS operators also handle the ransomware payments -- typically via a cryptocurrency such as Bitcoin -- and provide decryption keys to victims who pay the ransom. In addition, RaaS operators actively advertise their services on different underground forums across the dark web.
There are several different revenue and business models for RaaS. As a SaaS model, RaaS is offered to potential users on a monthly subscription basis, or as a one-time fee. Another common way that RaaS operators work is with an affiliate model. With the affiliate RaaS model, the RaaS operator takes a predetermined percentage of every ransom payout by victims who pay a ransom.
Ransomware vs. ransomware as a service
Ransomware is the actual malware payload that is used to encrypt the data of a victim's system. Once a system is infected with ransomware, a ransom demand is made to the victim to pay a ransom. If and when the victim pays the ransom, the attacker provides a decryption key to restore the encrypted data.
Ransomware is something that RaaS operators provide as a service. A single threat actor can develop their own ransomware code, but it is limited in reach.
RaaS expands the accessibility and potential reach of ransomware. Instead of a single group using ransomware code to attack victims, many groups of attackers can use RaaS to exploit victims with a ransomware infection.
The Future of Ransomware Looks Bright for the Bad Guys
Ransomware isn’t going out of style anytime soon. Ransomware danger skyrocketed in the first half of 2021, with an estimated 304.7 million attempted ransomware attacks. The 9th edition of the ENISA Threat Landscape (ETL) report was recently released, giving us a new look at ransomware today and some key indicators for its performance tomorrow. NISA just named ransomware its top threat for the 2020-2021 reporting period, a huge leap on their threat chart; ransomware was in thirteenth place in the previous report.
Even More Extortion is On the Way
The report noted a marked increase in double and triple extortion ransomware attacks during 2021, which they define as: “After initially stealing and encrypting sensitive data from organisations and threatening to release it publicly unless a payment is made, attackers also target the organisations’ customers and/or partners for ransom to maximise their profits.” Researchers noted that the threat to leak exfiltrated data has increased significantly, from 8.7% in 2020 to 81% in 2021 Q2. ENISA experts also cautioned that they’re seeing more triple extortion ransomware and beyond, citing research that that describes the use of DDoS attacks as the triple extortion vector resulting in the ransom towards the victim’s client then becoming the quadruple extortion.
Ransoms Will Keep Growing
The average ransom amount doubled over the last year. A recent Tripwire report declared that the average ransom paid by organizations has increased by 82% over the already huge demands logged in 2020. The average demand is now a record $570,000 (£414,000), compared with just $170,000 (£123,000) in 2020. A recent record-breaking ransomware demand against Acer reportedly hit $50 million. ENISA researchers agreed that ransoms have skyrocketed, observing that over just a few months of their tracking, the highest demand made in 2020 more than doubled in 2021.
Post-Ransomware Costs Will Keep Climbing
The ETL included the results of a survey conducted across 30 countries that showed that the overall cost of remediating a ransomware attack has doubled in just one year, from $761,106 in 2020 to $1.85 million in 2021. The average downtime of organizations hit with a ransomware attack has also increased from 15 days in Q1 2020 to 23 days in Q2 2021.266. The report also explained that they’re seeing longer-lasting revenue repercussions for businesses impacted by ransomware. A survey of 1,263 respondents reported that 66% of their organizations suffered significant revenue losses due to ransomware attacks.
Ransomware as a Weapon
In December 2020 the true impact of a massive, precisely targeted nation-state attack was felt by the United States government and many large corporations in the wake of a breach at cybersecurity software giant SolarWinds. A messy tangle of back doors, credential compromise, fake patches, malicious code, business email compromise, phishing, and more was unraveled exposing the alarming fact that likely Russia-sponsored nation-state hackers had been inside US government and defense agency systems for months, accessing all sorts of information. The same group of hackers was also linked to attacks at Microsoft, Cisco, FireEye and more major tech players. This is one of the largest demonstrations so far of ransomware’s use as a tool of espionage, destruction, terrorism or even war.
One of big company in the US has to re-install thousands of servers and PCs, that cost them 300 Mio USD to back in Business and hurt them more in terms of business disruptions and reputation loss.
Nation-State Cybercriminals Will Keep Using Ransomware to Generate Revenue
Attacks with Pinpoint Accuracy
Targeted ransomware attacks are on the rise, growing by an eye-popping 767%, easily dwarfing all other types. Some industries are being battered by an excessive number of sophisticated, targeted ransomware attacks. The banking sector has been getting creamed, with ransomware attacks up by more than 1300%. Healthcare targets have also been under siege. In 2020, 560 healthcare facilities were affected by ransomware attacks in 80 separate incidents. This increase has been especially felt in the APAC region. Recent numbers logged by UK researchers tell a chilling tale as well, with a record-breaking 11% year-on-year increase in attacks against UK targets in Q1 2021. UK businesses encountered 172,079 cyberattacks each, on average, between January and March 2021, the equivalent of 1,912 per day.
Ransomware can be categorized into three main forms - locker, crypto, and scareware (Gomez-Hernandez, Alvarez-Gonzalez, Garcia-Teodoro, 2018, Kok, Abdullah, Jhanjhi, Supramaniam, 2019) - as shown in below.
Scareware may use pop-up ads to manipulate users into assuming that they are required to download certain software, thereby using coercion techniques for downloading malware. In scareware, the cyber crooks exploit the fear rather than lock the device or encrypt any data (Andronio et al., 2015). This form of ransomware does not do any harm to the victim’s computer. The aim of locker ransomware is to block primary computer functions. Locker ransomware may encrypt certain files which can lock the computer screen and/or keyboard, but it is generally easy to overcome and can often be resolved by rebooting the computer in safe mode or running an on-demand virus scanner (Adamu and Awan, 2019).
Locker ransomware may allow limited user access. Crypto ransomware encrypts the user’s sensitive files but does not interfere with basic computer functions. Unlike locker ransomware, crypto ransomware is often irreversible as current encryption techniques (e.g., AES and RSA) are nearly impossible to revert if implemented properly (Gomez-Hernandez, Alvarez-Gonzalez, Garcia-Teodoro, 2018, Nadir, Bakhshi, 2018). Table 1 presents a few popular ransomware families. Crypto ransomware can use one of three encryption schemes: symmetric, asymmetric, or hybrid (Cicala and Bertino, 2020). A purely symmetric approach is problematic as the encryption key must be embedded in the ransomware (Dargahi et al., 2019). This makes this approach vulnerable to reverse engineering. The second approach is to use asymmetric encryption. The issue with this approach is that asymmetric encryption is slow compared to symmetric encryption and hence struggles to encrypt larger files (Bajpai et al., 2018).
Can we recover from this kind of attack? No, unless we pay. It highly suggest that we do not pay any penny to those attackers. US government, starting in 2001, they will impose a fine to anybody or entities that pay the ransomware attacker, including all participating parties, such as bank and Crypto Exchange that support such transactions. With the help of many Data Scientist experts and international collaboration, FBI has successfully seize the crypto money from this illegal attacks and return it to the ransomware victims.
If we cannot recover from such attack, we better focus on defensive efforts that can protect us from being exploited by the attackers.
TIPS & GUIDANCE
Ransomware incidents can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services. The economic and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, have also proven challenging for organizations large and small. Apply these tips and practices to avoid attack.
Good Cyber Hygiene Habits Keep Your Network Healthy
Conduct regular vulnerability scanning to identify and address vulnerabilities, especially those on internet-facing devices, to limit the attack surface.
When in Doubt, Report It Out
Victims of ransomware should report to federal law enforcement via IC3 or a Secret Service Field Office, and can request technical assistance or provide information to help others by contacting CISA.
Backing Up Is Your Best Bet
Maintain offline, encrypted backups of data and regularly test your backups.
Keep Calm and Patch On
Regularly patch and update software and Operating Systems.
Keep operating systems, software, and applications current and up to date.
Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.
Back up data regularly and double-check that those backups were completed.
Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
Create a continuity plan in case your business or organization is the victim of a ransomware attack.
How to Respond and Report
The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.
If you are a victim of ransomware:
Contact your local FBI field office to request assistance, or submit a tip online.
File a report with the FBI’s Internet Crime Complaint Center (IC3).
In Indonesia, you may contact BSSN, https://bssn.go.id to call for support to prevent the malware entering your organization premises or after an successful attacks in your Information System.
Be Safe, Be Smart, always keep your data in good manner.
References:
Ransomware: Recent advances, analysis, challenges and future research directions, Author links open overlay panel, Craig Beamana Ashley Barkwortha Toluwalop David Akande aSaqib Hakaka Muhammad Khurram Khanb, Computers & Security, Volume 111, December 2021, 102490
https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware
https://www.cisa.gov/stopransomware
https://mitigatecyber.com/ransomware-past-present-and-future/
https://www.graphus.ai/blog/a-look-into-the-future-of-ransomware/
https://www.zdnet.com/article/ransomware-as-a-service-is-the-new-big-problem-for-business/
https://www.forbes.com/sites/servicenow/2022/01/21/the-truth-about-chatbots/?sh=3a1150fc797d
https://whatis.techtarget.com/definition/ransomware-as-a-service-RaaS
https://umbrella.cisco.com/ransomware-defense-dummies-2nd-edition?utm_medium=search-paid&utm_source=google&utm_campaign=UMB_22Q2_SEA_EN_GS_Nonbrand_Threats&utm_term=pgm&utm_content=cs-fy2020-q2-ebook-ransomware-defense-for-dummies-2nd-edition&_bt=534974139553&_bk=ransomware%20as%20a%20service&_bm=e&_bn=g&_bg=128076419194&gclid=CjwKCAiAlrSPBhBaEiwAuLSDUP_XyktLEZw2W9YZaJhbaKFQlhFqIfD4qlJJfeNie4RDkIRt767D9RoCQloQAvD_BwE
https://en.wikipedia.org/wiki/Ransomware
https://www.google.com/search?q=future+of+ransomeware&client=safari&rls=en&sxsrf=AOaemvKY62LJjy-jbkBUjcb1_kwMiUfUnw%3A1642974745698&ei=Gc7tYd6XKquUseMPjd6J0A4&ved=0ahUKEwieiN7w7cj1AhUrSmwGHQ1vAuoQ4dUDCA0&uact=5&oq=future+of+ransomeware&gs_lcp=Cgdnd3Mtd2l6EAMyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECc6BwgAEEcQsAM6BwgAELADEENKBAhBGABKBAhGGABQxCFY1UdgmkpoAnACeACAAQCIAQCSAQCYAQCgAQGwAQrIAQrAAQE&sclient=gws-wiz
https://www.itproportal.com/features/the-future-of-ransomware-2022-and-beyond/
https://www.darkreading.com/vulnerabilities-threats/the-future-of-ransomware
https://en.wikipedia.org/wiki/Ransomware
“Ransomware keeps evolving, getting faster, smarter – and costlier – at every turn”
Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies that are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.
Starting as early as 1989 with the first documented ransomware known as the AIDS trojan, the use of ransomware scams has grown internationally. There were 181.5 million ransomware attacks in the first six months of 2018. This record marks a 229% increase over this same time frame in 2017. In June 2014, vendor McAfee released data showing that it had collected more than double the number of ransomware samples that quarter than it had in the same quarter of the previous year.CryptoLocker was particularly successful, procuring an estimated US$3 million before it was taken down by authorities, and CryptoWall was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over US$18 million by June 2015. In 2020, the IC3 received 2,474 complaints identified as ransomware with adjusted losses of over $29.1 million. The losses could be more than that according to FBI.
Now, the malware attack even more dangerous and vast growing. With the cloud technology becoming easy and accessible around the Globle. The perpetrator make it spread event faster by developing RaaS (“Ransomware as a Service”).
How does ransomware as a service work?
RaaS is all about providing ransomware in a software as a service (SaaS) model. At the top of the organizational hierarchy is the RaaS operator. This is the group that develops the ransomware payload that encrypts user data. They continuously develop new malware using the existing vulnerabilities in many system. The money generate from the ransomware is very generous and lucrative. They split the money from the victim between the agent who “sell” or put the malware in an Organization with the RaaS Operation as the inventor and operator of money laundering activities that coming from successful RaaS attack. Thus, making this is one of a very growing dark business.
The RaaS operator also operates all back-end infrastructure for running the ransomware campaign. That involves the ransomware code, a portal that enables potential customers to sign up and use the service and customer service to support campaigns. Full-service RaaS operators also handle the ransomware payments -- typically via a cryptocurrency such as Bitcoin -- and provide decryption keys to victims who pay the ransom. In addition, RaaS operators actively advertise their services on different underground forums across the dark web.
There are several different revenue and business models for RaaS. As a SaaS model, RaaS is offered to potential users on a monthly subscription basis, or as a one-time fee. Another common way that RaaS operators work is with an affiliate model. With the affiliate RaaS model, the RaaS operator takes a predetermined percentage of every ransom payout by victims who pay a ransom.
Ransomware vs. ransomware as a service
Ransomware is the actual malware payload that is used to encrypt the data of a victim's system. Once a system is infected with ransomware, a ransom demand is made to the victim to pay a ransom. If and when the victim pays the ransom, the attacker provides a decryption key to restore the encrypted data.
Ransomware is something that RaaS operators provide as a service. A single threat actor can develop their own ransomware code, but it is limited in reach.
RaaS expands the accessibility and potential reach of ransomware. Instead of a single group using ransomware code to attack victims, many groups of attackers can use RaaS to exploit victims with a ransomware infection.
The Future of Ransomware Looks Bright for the Bad Guys
Ransomware isn’t going out of style anytime soon. Ransomware danger skyrocketed in the first half of 2021, with an estimated 304.7 million attempted ransomware attacks. The 9th edition of the ENISA Threat Landscape (ETL) report was recently released, giving us a new look at ransomware today and some key indicators for its performance tomorrow. NISA just named ransomware its top threat for the 2020-2021 reporting period, a huge leap on their threat chart; ransomware was in thirteenth place in the previous report.
Even More Extortion is On the Way
The report noted a marked increase in double and triple extortion ransomware attacks during 2021, which they define as: “After initially stealing and encrypting sensitive data from organisations and threatening to release it publicly unless a payment is made, attackers also target the organisations’ customers and/or partners for ransom to maximise their profits.” Researchers noted that the threat to leak exfiltrated data has increased significantly, from 8.7% in 2020 to 81% in 2021 Q2. ENISA experts also cautioned that they’re seeing more triple extortion ransomware and beyond, citing research that that describes the use of DDoS attacks as the triple extortion vector resulting in the ransom towards the victim’s client then becoming the quadruple extortion.
Ransoms Will Keep Growing
The average ransom amount doubled over the last year. A recent Tripwire report declared that the average ransom paid by organizations has increased by 82% over the already huge demands logged in 2020. The average demand is now a record $570,000 (£414,000), compared with just $170,000 (£123,000) in 2020. A recent record-breaking ransomware demand against Acer reportedly hit $50 million. ENISA researchers agreed that ransoms have skyrocketed, observing that over just a few months of their tracking, the highest demand made in 2020 more than doubled in 2021.
Post-Ransomware Costs Will Keep Climbing
The ETL included the results of a survey conducted across 30 countries that showed that the overall cost of remediating a ransomware attack has doubled in just one year, from $761,106 in 2020 to $1.85 million in 2021. The average downtime of organizations hit with a ransomware attack has also increased from 15 days in Q1 2020 to 23 days in Q2 2021.266. The report also explained that they’re seeing longer-lasting revenue repercussions for businesses impacted by ransomware. A survey of 1,263 respondents reported that 66% of their organizations suffered significant revenue losses due to ransomware attacks.
Ransomware as a Weapon
In December 2020 the true impact of a massive, precisely targeted nation-state attack was felt by the United States government and many large corporations in the wake of a breach at cybersecurity software giant SolarWinds. A messy tangle of back doors, credential compromise, fake patches, malicious code, business email compromise, phishing, and more was unraveled exposing the alarming fact that likely Russia-sponsored nation-state hackers had been inside US government and defense agency systems for months, accessing all sorts of information. The same group of hackers was also linked to attacks at Microsoft, Cisco, FireEye and more major tech players. This is one of the largest demonstrations so far of ransomware’s use as a tool of espionage, destruction, terrorism or even war.
One of big company in the US has to re-install thousands of servers and PCs, that cost them 300 Mio USD to back in Business and hurt them more in terms of business disruptions and reputation loss.
Nation-State Cybercriminals Will Keep Using Ransomware to Generate Revenue
Attacks with Pinpoint Accuracy
Targeted ransomware attacks are on the rise, growing by an eye-popping 767%, easily dwarfing all other types. Some industries are being battered by an excessive number of sophisticated, targeted ransomware attacks. The banking sector has been getting creamed, with ransomware attacks up by more than 1300%. Healthcare targets have also been under siege. In 2020, 560 healthcare facilities were affected by ransomware attacks in 80 separate incidents. This increase has been especially felt in the APAC region. Recent numbers logged by UK researchers tell a chilling tale as well, with a record-breaking 11% year-on-year increase in attacks against UK targets in Q1 2021. UK businesses encountered 172,079 cyberattacks each, on average, between January and March 2021, the equivalent of 1,912 per day.
Ransomware can be categorized into three main forms - locker, crypto, and scareware (Gomez-Hernandez, Alvarez-Gonzalez, Garcia-Teodoro, 2018, Kok, Abdullah, Jhanjhi, Supramaniam, 2019) - as shown in below.
Scareware may use pop-up ads to manipulate users into assuming that they are required to download certain software, thereby using coercion techniques for downloading malware. In scareware, the cyber crooks exploit the fear rather than lock the device or encrypt any data (Andronio et al., 2015). This form of ransomware does not do any harm to the victim’s computer. The aim of locker ransomware is to block primary computer functions. Locker ransomware may encrypt certain files which can lock the computer screen and/or keyboard, but it is generally easy to overcome and can often be resolved by rebooting the computer in safe mode or running an on-demand virus scanner (Adamu and Awan, 2019).
Locker ransomware may allow limited user access. Crypto ransomware encrypts the user’s sensitive files but does not interfere with basic computer functions. Unlike locker ransomware, crypto ransomware is often irreversible as current encryption techniques (e.g., AES and RSA) are nearly impossible to revert if implemented properly (Gomez-Hernandez, Alvarez-Gonzalez, Garcia-Teodoro, 2018, Nadir, Bakhshi, 2018). Table 1 presents a few popular ransomware families. Crypto ransomware can use one of three encryption schemes: symmetric, asymmetric, or hybrid (Cicala and Bertino, 2020). A purely symmetric approach is problematic as the encryption key must be embedded in the ransomware (Dargahi et al., 2019). This makes this approach vulnerable to reverse engineering. The second approach is to use asymmetric encryption. The issue with this approach is that asymmetric encryption is slow compared to symmetric encryption and hence struggles to encrypt larger files (Bajpai et al., 2018).
Can we recover from this kind of attack? No, unless we pay. It highly suggest that we do not pay any penny to those attackers. US government, starting in 2001, they will impose a fine to anybody or entities that pay the ransomware attacker, including all participating parties, such as bank and Crypto Exchange that support such transactions. With the help of many Data Scientist experts and international collaboration, FBI has successfully seize the crypto money from this illegal attacks and return it to the ransomware victims.
If we cannot recover from such attack, we better focus on defensive efforts that can protect us from being exploited by the attackers.
TIPS & GUIDANCE
Ransomware incidents can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services. The economic and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, have also proven challenging for organizations large and small. Apply these tips and practices to avoid attack.
Good Cyber Hygiene Habits Keep Your Network Healthy
Conduct regular vulnerability scanning to identify and address vulnerabilities, especially those on internet-facing devices, to limit the attack surface.
When in Doubt, Report It Out
Victims of ransomware should report to federal law enforcement via IC3 or a Secret Service Field Office, and can request technical assistance or provide information to help others by contacting CISA.
Backing Up Is Your Best Bet
Maintain offline, encrypted backups of data and regularly test your backups.
Keep Calm and Patch On
Regularly patch and update software and Operating Systems.
Keep operating systems, software, and applications current and up to date.
Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.
Back up data regularly and double-check that those backups were completed.
Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
Create a continuity plan in case your business or organization is the victim of a ransomware attack.
How to Respond and Report
The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.
If you are a victim of ransomware:
Contact your local FBI field office to request assistance, or submit a tip online.
File a report with the FBI’s Internet Crime Complaint Center (IC3).
In Indonesia, you may contact BSSN, https://bssn.go.id to call for support to prevent the malware entering your organization premises or after an successful attacks in your Information System.
Be Safe, Be Smart, always keep your data in good manner.
References:
Ransomware: Recent advances, analysis, challenges and future research directions, Author links open overlay panel, Craig Beamana Ashley Barkwortha Toluwalop David Akande aSaqib Hakaka Muhammad Khurram Khanb, Computers & Security, Volume 111, December 2021, 102490
https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware
https://www.cisa.gov/stopransomware
https://mitigatecyber.com/ransomware-past-present-and-future/
https://www.graphus.ai/blog/a-look-into-the-future-of-ransomware/
https://www.zdnet.com/article/ransomware-as-a-service-is-the-new-big-problem-for-business/
https://www.forbes.com/sites/servicenow/2022/01/21/the-truth-about-chatbots/?sh=3a1150fc797d
https://whatis.techtarget.com/definition/ransomware-as-a-service-RaaS
https://umbrella.cisco.com/ransomware-defense-dummies-2nd-edition?utm_medium=search-paid&utm_source=google&utm_campaign=UMB_22Q2_SEA_EN_GS_Nonbrand_Threats&utm_term=pgm&utm_content=cs-fy2020-q2-ebook-ransomware-defense-for-dummies-2nd-edition&_bt=534974139553&_bk=ransomware%20as%20a%20service&_bm=e&_bn=g&_bg=128076419194&gclid=CjwKCAiAlrSPBhBaEiwAuLSDUP_XyktLEZw2W9YZaJhbaKFQlhFqIfD4qlJJfeNie4RDkIRt767D9RoCQloQAvD_BwE
https://en.wikipedia.org/wiki/Ransomware
https://www.google.com/search?q=future+of+ransomeware&client=safari&rls=en&sxsrf=AOaemvKY62LJjy-jbkBUjcb1_kwMiUfUnw%3A1642974745698&ei=Gc7tYd6XKquUseMPjd6J0A4&ved=0ahUKEwieiN7w7cj1AhUrSmwGHQ1vAuoQ4dUDCA0&uact=5&oq=future+of+ransomeware&gs_lcp=Cgdnd3Mtd2l6EAMyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECcyBwgjEOoCECc6BwgAEEcQsAM6BwgAELADEENKBAhBGABKBAhGGABQxCFY1UdgmkpoAnACeACAAQCIAQCSAQCYAQCgAQGwAQrIAQrAAQE&sclient=gws-wiz
https://www.itproportal.com/features/the-future-of-ransomware-2022-and-beyond/
https://www.darkreading.com/vulnerabilities-threats/the-future-of-ransomware
https://en.wikipedia.org/wiki/Ransomware