To extract higher ransoms, hacker groups that specialize in ransomware attacks have become much more aggressive, according to the latest report from the European police agency Europol.
Ransomware attacks have changed in recent years, to the point that some governments, such as the United States, treat them as a threat equivalent to terrorism. The groups using this method have refined their tactics to drastically increase the chance that victims will pay.
According to the latest report from the European police agency Europol, the number of ransoms paid as a result of a ransomware attack increased by 300% between 2019 and 2020. According to the agency, this figure will only get worse in 2021, especially given the spread of telework in many countries due to the pandemic.
Ransomware, cybercriminals’ favorite weapon
According to this document, titled “threat assessment of organized crime on the internet”, ransomware stands out as the most dangerous and effective cyber threat in 2021. To illustrate its point, the agency refers to many major incidents that have affected critical infrastructure such as supply chains, hospitals or major companies.
Europol recalls the ransomware attack that paralyzed American oil supply by affecting the servers of Colonial Pipeline, one of the main American oil pipeline operators, as well as the attack on Kaseya, currently considered the biggest cyberattack in history. In September 2021, a study conducted by the computer security company Censinet showed that mortality increased dramatically in hospitals affected by ransomware.
According to the European agency, ransomware has become more effective as hackers have become more focused. While previous tactics often consisted of distributing ransomware massively across the web to reach as many people as possible, cybercriminal groups now select specific targets, chosen according to their ability to pay a high ransom.
Fewer targets, more efficient and aggressive ransomware
“The use of traditional mass-distributed ransomware appears to be on the decline, and authors are moving towards human-exploited ransomware targeting private companies, healthcare and education sectors, critical infrastructure and government institutions”, Europol specifies in its report.
By reducing the number of potential targets, hackers can spend more time planning their attacks so as to make them even more devastating. They use that time to steal additional login credentials to move more easily through the network, or to encrypt or steal as many files as possible from servers. In other words, they increase the impact of their ransomware to get victims to pay.
“Ransomware attacks have become more sophisticated, with criminals spending more time inside a network searching for the target and increasing their privileges in order to further compromise the infrastructure and get their hands on more data”, explains the agency.
More “ruthless and methodical” ransomware attacks
Hacker groups also now carry out what is called double extortion: in addition to encrypting files on a server, cybercriminals steal sensitive data and threaten to post it on the web if the ransom is not paid. This is extremely effective additional leverage against companies that do not wish to see confidential information circulating on the net.
Some groups also threaten to launch DDoS attacks if victims are slow to comply. “The authors continue to be increasingly ruthless and methodical in their modus operandi. Over the past 12 months, the arsenal of coercive methods has grown with the methodical canvassing of journalists, clients, business partners and employees of targeted organizations”, Europol states.
Agencies mobilize and win battles
Nevertheless, the agency points out that several battles have been won against ransomware groups this year and in 2020. Europol refers to the international operation that dismantled the Emotet botnet, depriving hackers of an entry point for these ransomware attacks. In addition, the company Bitdefender has developed free software to unlock data encrypted by the REvil ransomware.
“The collective response of our international law enforcement community is clear: authorities and the private sector around the world are strong and ready together to mitigate any threat that blackmailed and upset the stability of our countries. companies”, proclaims Catherine de Bolle, Executive Director of Europol.
Source: ZDNet