“In the field of crimeware, ransomware has long been the biggest threat – according to our data, it has increased by more than 50 percent in the last year, and it is certainly not a threat that is on the wane,” pointed out Jakub Souček, a security expert from the Prague research branch of Eset.
Security experts use the term crimeware to refer to large cyberattacks, the motivation of which is usually financial gain. “The gangs behind them are usually not sponsored by states,” Souček stated.
Ransomware continues to haunt. The ransom increased fivefold
Safety
Last year, he said, there were more than 4,000 ransomware attacks in which the feared data breach actually occurred. Dozens of companies and individuals in the Czech Republic experience an attempted blackmail virus attack every month.
“Our and public data clearly show that ransomware has been most active in the US for a long time, but it certainly does not avoid Europe, as we recently saw, for example, in the massive attack on the Romanian hospital system. In the Czech Republic, we observe that the most threatened areas are healthcare, education and public administration,” warned the security expert.
The ransom has increased
Experts from the cyber security company Sophos also draw attention to the dangers of ransomware attacks. “Ransomware attacks are still the most common threat driving the cybercrime economy today,” said John Shier, CTO at Sophos.
In addition, according to him, the ransom amount has increased fivefold over the past year. Even in 2023, the ransom was on average 400,000 dollars, which corresponds to 9.3 million crowns. This year, however, cybercriminals were not so modest, on the contrary, they paid a lot more. The ransom rose to an average of two million dollars (46.5 million crowns).
The Sophos survey also found that excluding ransom payments, the average cost of restoring operations and data reached $2.73 million (63.6 million crowns) in 2024, compared to only $1.82 million (42.4 million crowns) a year earlier crowns).
How does a ransomware attack work?
Ransomware attacks are almost always the same. First, attackers encrypt all data stored on the hard drive. For making them available, the attackers demand a ransom, even several thousand crowns.
As a rule, cybercriminals try to give the impression to the owner of the attacked machine that he will get access to his files after paying a fine. It was allegedly assessed for the use of illegal software, etc. That’s why a lot of people have already paid them the ransom.
However, even after paying the ransom, users may not be able to access their data. Instead of paying the ransom, it is necessary to uninstall the virus from the computer. However, in most cases it is impossible to access unbacked data.
“Junk gun” ransomware
Recently, cyber crooks have also raised the danger of extortion viruses to a completely new level, using the so-called junk gun ransomware.
The term “junk gun” is used informally primarily in the US for a weapon that can be easily obtained and concealed. And it probably describes how the creators of extortion viruses work now. This is ransomware that can be purchased on the darknet for a fee by virtually anyone, even without in-depth technical experience, and can be used to attack any target.
Until now, the black market of the Internet offered only sophisticated ransomware viruses that anyone could rent for targeted attacks. Security experts often refer to this model as RaaS, i.e. ransomware as a service.
But that is changing with the “junk gun” ransomware. And security experts rightly point out that this is a much bigger problem for ordinary users than it might seem at first glance. “Instead of selling or buying ransomware as a service, attackers are creating and selling unsophisticated variants of ransomware for a one-time price – which other attackers sometimes see as an opportunity to target small and medium-sized businesses, and even individuals,” warned Christopher Budd, director of threat research at by Sophos.
According to him, the “junk gun” ransomware is being offered on the black Internet market for $375, i.e. roughly equivalent to less than nine thousand crowns. This is significantly less than RaaS suites, which often cost up to three times as much.
How the darknet works
Darknet was originally created with a noble idea, it was supposed to be a space on the Internet without regulations and state supervision. So at first it served primarily as an anonymous digital space in countries where there is heavy censorship on the networks, and it serves these purposes even now.
Gradually, however, the darknet began to attract criminals who, under the guise of anonymity, could sell practically any goods without restrictions – it is not a problem to find drugs, weapons, medicines, forged documents, malicious software or stolen personal data of ordinary users on the Internet black market.
People can connect to the darknet through special Internet browsers that are able to work over encrypted networks and offer configuration of communication protocols and ports.
Virtual coins are used as payment here, most often bitcoins, ethereum or monero, thanks to which buyers and sellers are practically untraceable. The defenders of the law therefore have only very limited options to stop trading on the black Internet market.
Cybercriminals are stealing identities more and more often
Safety
