Ransomware gold rush going on

Ransomware is not a new phenomenon, yet 2020 witnessed digital extortion mutating into a beast that can impact everyone and even have the capacity to take human life. ESET’s Ondrej Kubovic thinks we’re victims of an unlucky coincidence. 

Anyone who has at least mild interest in the news could name at least a couple of noticeable ransomware attacks. Threat actors targeting Colonial Pipeline and meatpacker JBS were almost impossible to miss in the last few weeks.

In only six months of 2021, both Ireland’s and New Zealand’s health systems, together with hospitals in Germany, were held at digital gunpoint, facing demands to pay criminals for stolen data.
Due to operational disruptions caused by a ransomware attack, a hospital in Germany could not accept a patient suffering from COVID-19 complications. Diverted to another hospital, the patient did not survive.

“No matter the region, no matter the industry. Attacks such as the one in Germany represent a new cybercriminal wave or a gold rush, if you will. With ransomware gangs being at its forefront. And let me assure you, the situation is really dire. Actually, it has never been worse,” Ondrej Kubovic, ESETs Security awareness specialist, said during the ESET World 2021 conference last week.
According to Kubovic, ransomware operations have increased due to a change in criminal tactics, namely, the use of double extortion or doxing. Criminal gangs insert themselves into critical systems, steal sensitive data, and disrupt victims’ daily operations.

The victim is forced to pay money for stolen data and digital keys that allow continuing operations. For maximum effect, criminals target businesses that have sensitive data and cannot handle halt in operations.

The now-defunct Maze cartel brought ransomware doxing technique to the forefront in late 2019. Competitors, however, soon realized its potential. Criminal gangs like Sodinobiki, Abaddon, Cl0p, DoppelPaymer, and others were quick to catch up.

“Ransomware gangs became much more focused and much more targeted, finding their victims in almost every possible industry that showed even the slightest vulnerability, including military, public administration, and, of course, hospitals and emergency services. And if the initial intrusion was successful, cyber-criminals made the most of it,” Kubovic said.

Suppose a victim, such as Colonial Pipeline, is a critical energy supplier. In that case, it is likely to pay hefty ransom demands since millions of people depend on such companies to operate continuously.

According to Kubovic, once threat actors successfully infest their victims’ systems, imaginations on how to force them into paying run wild. Since distributed-denial-of-service (DDoS) attacks have become a dire norm, gangs apply pressure by hijacking internal printer systems to allow every connected member of the organization to see the situation the company is in.

If that’s not enough, floods of emails are sent to victims’ clients, threatening to reveal any sensitive data threat actors have on them. That’s meant to encourage clients to apply additional pressure on the victim to pay up.

Full article on https://cybernews.com/security/ransomware-gold-rush-why-now/

#ransomware #goldrush #cybersecurity #yokdata #mindyourdata