May 9, 2022
“Ransomware gangs are “alarmingly similar” to legitimate organizations with their management structures and HR policies, and there is a clear logic to the way to target companies that they are certain would pay for the ransom to decrypt their data, a new report by Check Point Research”
News-Link on Ransomware Gangs
Conti Cybercrime Gang
May 08, 2022.
“The U.S. State Department has announced rewards of up to $10 million for any information leading to the identification of key individuals who are part of the infamous Conti cybercrime gang.”
>> News-Link on Conti cybercrime gang
College shuts Down after Ransomware Attack
May 09, 2022
“A university that originally opened its doors the same year that the American Civil War ended will shut down later this month. Lincoln College administrators have put the blame on a ransomware attack, which they say hindered admissions and fundraising activities during a period when the school was already struggling.”
>> News-Link: Ransomsware Closes College Permanently
Microsoft Fighting Ransomware
May 09, 2022
“The investment comes as organizations ramp up their security spending to manage the increased threats of ransomware attacks and network hacks.”
>> News-Link on Microsoft launching cybersecurity services to help clients fight off ransomware and other attacks
Costa Rica national emergency after Conti ransomware
“Conti published most of the 672 GB dump that appears to contain data belonging to the Costa Rican government agencies”
>> News-Link 1 >>on cyber attacks Conti ransomware group on multiple government bodies.
News-Link 2 >> on Costa Rica State of Emergency Under Sustained Conti Cyberattacks
Ransomware As a Service
“The cybercriminal economy is a continuously evolving connected ecosystem of many players with different techniques, goals, and skillsets. In the same way our traditional economy has shifted toward gig workers for efficiency, criminals are learning that there’s less work and less risk involved by renting or selling their tools for a portion of the profits than performing the attacks themselves. This industrialization of the cybercrime economy has made it easier for attackers to use ready-made penetration testing and other tools to perform their attacks.”
The threat of ransomware has grown over the years. Millions of organizations and companies have been hacked. The costs amount globally to billions of USD and the number of future ransomware cases is projected to rise even more.
Ransomware attacks are now a very common type of tool used by attackers. Organized crime groups and criminal ransomware gangs will use targeted ransomware attacks which can cost organizations millions of dollars. Besides that, your data might still be appearing on the dark web in data breaches. Even when you have paid… Getting back on your feet will require many days, if not weeks or months to have your computers working again and regain full access to the servers and your data.
Ransomware is a type of malware that will:
Is your company & customer data protected from ransomware?
- ransomware attackers can threaten to publish the victim’s personal data online
- ransomware can block access to your device until you pay the ransom fee
- ransomware will extort the victim (extortion attack)
- ransomware will publish your files on the dark web if you don’t pay or cooperate
Do you want to pay the ransom?
The tracking and prosecution of suspects can prove to be a challenge since cybercriminals use cryptocurrency to collect the ransom fee (difficult to trace) and other techniques remain anonymous.
The main types of ransomware are:
- Encrypting ransomware
- Non-encrypting ransomware
- Data Exfiltration ransomware
- Crypto ransomware or encryptors will encrypt your files and data. you need a decryption key to access your data.
- Lockers will lock you out of your computer. Files & applications are not accessible. Ransom demand is requested via lock-screen with a countdown clock.
- Scareware will claim false positives and requests money.
- Doxware or leak-ware will threaten you to distribute your data online unless you pay
- RaaS (Ransomware as a Service) is a complex malware system that uses anonymous command and control centers to distribute ransomware & collect the ransom payment.
Most ransomware infections are spread via phishing emails, or by attachments with fake invoices or other deceiving fake information. Be careful what you click on, be careful which attachment you open.
Lifecycle of a Ransomware incident
Establish a good risk management strategy
Whatever type of cybersecurity measurements you have in place, no system is perfect and humans are not perfect. Neither are computer systems. Hence a good risk management strategy must start with a ransomware risk assessment.
This is where AR INTELL can assist you with a ransomware investigation.