Ransomware: These four emerging gangs can pose the next major cybersecurity threat

Cybersecurity researchers warn of four new families of ransomware that can pose a significant cybersecurity threat to businesses.

Ransomware is one of the major cybersecurity threats facing businesses around the world as cybercriminals endanger their networks and attempt to encrypt and demand ransom payments.

This potentially easy money temptation joins the action from a professional ransomware gang that stores malware on its own, or from a ransomware group as a service that lends out illegal products.

It seems that some important ransomware operators have disappeared in the last few months. But that doesn’t mean that ransomware isn’t that much of a problem. New groups are emerging to fill the gap.

Palo Alto Networks cybersecurity researchers have detailed four upcoming families of ransomware discovered during the investigation. Under the right circumstances, one of them can pose the next major ransomware threat.

One of these is LockBit 2.0. This is a ransomware operation that has been around since September 2019, but has gained a lot of traction during the summer. The people behind it renewed their dark web operations in June (when they released the 2.0 version of LockBit), and aggressive advertising is drawing attention from cybercriminals.

According to researchers, LockBit has endangered 52 organizations around the world since June. Perhaps most notable is that a criminal using LockBit broke Accenture, but the company was able to recover from backup without paying a ransom.

The rise of LockBit has not been overlooked, as the Australian Cyber ​​Security Center has posted a warning organization that warns about threats.

However, LockBit is not the only format of increasing ansumware. AvosLocker Ransomware first appeared in July, offering a ransomware scheme as a service that includes operators responsible for ransom negotiations.

This group is endangering several organizations around the world, including law firms in the United States and the United Kingdom. Like other ransomware groups, Avos Locker leaks stolen data if the ransom is not paid.

look: Cyber ​​security winning strategy (ZDNet Special Report)

Ransom demand after the AvosLocker attack is relatively low for 2021 ransomware, between $ 50,000 and $ 75,000. However, unlike many other ransomware groups that require payment in Bitcoin, AvosLocker requires it in Monero, an anonymously designed cryptocurrency. Monero isn’t as valuable as Bitcoin, but with the added anonymity, it’s more difficult to track down cybercriminals using Monero.

Another new player in the ransomware market is the Hive ransomware, which was first seen infecting organizations in June 2021. The attacker behind it uses the stolen data and double extortion to force the victim to pay the ransom.

In total, Hive has so far claimed 28 casualties, including healthcare providers, in attacks that could disrupt patient care. This kind of cavalier attitude towards the well-being of the general public can pose a hive a threat to dangerous ransomware.

The fourth new threat detailed by researchers is a twist of established forms of ransomware. Hello Kitty ransomware first appeared in December 2020 and was primarily targeted at Windows systems. Researchers are now identifying new versions of Hello Kitty targeting Linux systems and opening up a whole new platform targeted by cybercriminals.

Palo Alto Networks told ZDNet, “Ransomware isn’t just chasing Windows systems, it’s a variant of Hello Kitty targeting ESX, trying to open up a completely different market that hasn’t been explored before. “. ..

Organizations around the world have been targeted by this Hello Kitty variant and will change their ransom requirements accordingly. The criminal demanded one victim as much as $ 10 million in Monero, but operators can also accept Bitcoin payments.

The rise of these ransomware groups indicates that even if the established groups appear to disappear, new players will replace them. Many of these employ the tactics and techniques of the successful ransomware costumes that came before them to make the attack as effective as possible.

“More popular groups have paved the way for the emergence of these smaller groups and provided a business model to follow to carry out operations. This is the standard since these emerging ransomware groups have Maze ransomware. That’s one of the reasons we’re taking advantage of the double blackmail approach, “said Santos.

Regardless of the type of ransomware used by cybercriminals, it poses a major threat to businesses. To protect your network from being the victim of a ransomware attack, we recommend that you apply security patches in a timely manner to prevent criminals from exploiting known vulnerabilities. Multi-factor authentication should also be applied to all users to provide an additional barrier to attacks that exploit stolen or leaked usernames and passwords as entry points.

Enterprises are also encouraged to regularly update and test their backups and store them offline. This allows you to restore your backups without paying a ransom if your network is hit by a ransomware attack.

Cyber ​​security details

Ransomware: These four emerging gangs can pose the next major cybersecurity threat

Source link Ransomware: These four emerging gangs can pose the next major cybersecurity threat