Ransomware attacks are increasing with more dangerous hybrids ahead

Over the past several years, the emergence of big-ticket, destructive ransomware attacks jolted the U.S. government into action to circumscribe the predominately Russian-based threat actors behind the scourge. At the same time, ransomware has been a critical factor driving the growth in corporate cybersecurity budgets as organizations grapple with the often-crippling threat.

Despite the policy measures and increased private sector funding to slow down the drumbeat of attacks, ransomware threats remained a top topic at this year’s RSA conference. Experts at the event underscored that Russian state-sanctioned criminal actors are not the only ransomware threat actors to fear, nor are ransomware attacks decreasing despite the intensified efforts to nip them in the bud. The same actions taken to quash ransomware activity might end up forging alliances among financially motivated threat actors to create hybrid cyber-attacks that meld social engineering with ransomware.

Iran is a ransomware innovator

Speaking at RSA, Dmitri Alperovitch, executive chairman at Silverado Policy Accelerator and co-founder and former CTO at CrowdStrike, said Iran is an innovator in ransomware with its SamSam ransomware. He noted that it was an Iranian group that attacked the city of Atlanta and the state of Colorado with this malware, and it was Iran that first introduced big game hunting at scale.

“Not just trying to target one system within a network and lock it up, but really doing an intrusion and then rolling ransomware across the entire network to try to get as big of a ransom as possible that we now have seen from all other groups like REvil, LockBit, and others,” he said. “One of the things that the Iranians are doing, and we’re seeing this in the criminal space as well, is leaking data to harass organizations.,” Alperovitch said

Ransomware attacks are still increasing

Sandra Joyce, executive vice president and head of Mandiant Intelligence and Advanced Practices, said that it’s misleading to think that ransomware attacks are going down, a common misconcpetion in the wake of Ukraine’s invasion of Russia. “If you look at Q1 year after year and Q2 year after year, what you’re going to see is a very stark rise,” she said.

“I can tell you that at Mandiant, we saw a spike in the last week and a half.” Joyce pointed in particular to shaming site victims, “where if you don’t pay and frankly at times where you do actually pay, threat actors are going to go and dump your data there.”

Copyright © 2022 IDG Communications, Inc.

News Credit

%d bloggers like this: