Ransomware in the News
The impacts of a ransomware attack reach much further than technological or financial consequences for the business – they also take a toll on the humans behind IT security and their abilities to address future threats. “Experiencing a ransomware attack firsthand adds even greater strain, undermining confidence in their own abilities and preparedness.”
Over a third of cyber-attacks observed by Kroll in 2020 can be attributed to three main ransomware gangs. “Ryuk and Sodinokibi, perennially the most observed form of ransomware attack in Kroll’s cases, have been joined by Maze as the top three ransomwares so far in 2020, comprising 35% of all cyber-attacks,” and “over two-fifths (42%) of Kroll’s cases with a known ransomware variant are connected to a ransomware group actively exfiltrating and publishing victim data.”
A widespread hacking operation that has targeted organisations around the world with a phishing and malware campaign active since 2016 has now switched to ransomware attacks, reflecting how successful ransomware has become as a money-making tool for cyber criminals. The group, dubbed FIN11, is described as a 'well-established financial crime group' which has conducted some of the longest-running hacking campaigns.
Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today.
In its advisory (PDF), the Treasury’s Office of Foreign Assets Control (OFAC) said “companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”
Those that run afoul of OFAC sanctions without a special dispensation or “license” from Treasury can face several legal repercussions, including fines of up to $20 million.
The ransomware group REvil has deposited $1m worth of bitcoins into a hacker forum to initiate recruitment of affiliates. REvil seeks to hire affiliates who are skilled at penetration testing and other hacker routines, as well as people who have experience with hacking but do not have access to work.
Ransomware incidents appeared to explode in June 2020. Ransom demands are increasing exponentially. In some cases, IBM Security X-Force is seeing ransom demands of more than $40 million. Attackers are finding schools and universities to be an even more attractive target for ransomware attacks, especially as they begin classes virtually or are experimenting with hybrid environments due to COVID-19.
There’s plenty of evidence to indicate that cybercriminal groups consider the human foibles of their victims. According to Microsoft, ransomware actors actively switch tactics and tools depending on the specific security environment they encounter upon initial network access, or plan attacks around holidays and other times when they know the patching response will be slow.