01/06/2021 | Press release | Distributed by Public on 02/06/2021 01:12
Earlier this month, DarkSide, a group of threat actors, made 4.4 million by striking a giant fuel company, Colonial Pipeline, with a ransomware attack. The negotiation took place after the attack crippled the fuel supply to the East Coast, causing a temporary shutdown. Such deceitful groups have evolved to make money by illegally holding data for ransom. The presence of cryptocurrency has been the biggest motivation for these criminal minds.
Organizations pay ransom hoping to get their files decrypted. This only makes such groups richer and encourages them to repeat their actions. It is the same reason that makes ransomware attacks successful. Criminals making millions by introducing such malware has given rise to the Ransomware-as-a-Service (RaaS) model.
A large segment of cybercriminals lacks the ability to write tedious code. Ransomware gangs have created a new business trend of renting or selling ransomware on dark web platforms. RaaS developers create user-friendly websites and sell RaaS kits to less proficient hackers, making money by creating a portal. Affiliate programs bring the developer a certain part of the ransom paid by companies.
RaaS affiliates use phishing emails to convince victims to click on malicious links, which download the ransomware onto the system. Once the organization's defense mechanism is compromised, the system is encrypted. Cybercriminals provide the decryption key to the victim once they pay the ransom in bitcoins. REvil, Dharma and Lockbit are among the RaaS kits available on the dark web.
Ransomware attacks are targeting the Healthcare, Manufacturing, Insurance, Technology, and Banking sectors as well as other targeted industries. Ransomware thugs have been on their toes with the ongoing Covid-19 vaccine production. They have been eyeing the healthcare sector since the beginning of the pandemic. Patient records are at stake when hospitals are under attack. Threat actors hold crucial data at educational institutes for ransom. The attackers breached millions of credit card and customer records from banks using ransomware.
Attack trends differ globally depending on the industries of importance in each country. The percentage of these attacks has only risen since last year. The first quarter of 2021 has shown a drastic increase in ransomware threats, with Asia Pacific hit hardest. The size of the organization has never been the attacker's concern. The risk of public exposure of data, despite having a backup, is making organizations pay ransom. Various organizations have encountered sophisticated tactics of common ransomware operators in major attack scenarios.
Earlier, the purpose of ransomware operators was to encrypt data and decrypt it on payment of ransom. Nowadays, the story has changed. Threat actors have been doing thorough research on an organization's financial assets before attacking it. They install the ransomware with the purpose of stealing data to blackmail victims into paying the ransom.
In the past year, the ransom demanded in bitcoin has risen. The amount is above five to six figures, resulting in millions of dollars. The attackers have started establishing payment deadlines. If the victim fails to pay the extortion in time, the ransom doubles. Organizations have a reputation to protect; keeping that in mind, ransomware gangs threaten to leak their crucial data on the dark web.