Appgate shares its views on changing face of ransomware

By BizClik Admin
Cyber Magazine speaks to security access software provider Appgate's Security Researcher Felipe Duarte about all things ransomware.

Europol recently announced that Romanian authorities have arrested two individuals suspected of cyberattacks deploying the Sodinokibi/REvil ransomware. They are allegedly responsible for 5 000 infections, which in total pocketed half a million euros in ransom payments.

Since February 2021, law enforcement authorities have arrested three other affiliates of Sodinokibi/REvil and two suspects connected to GandCrab. These are some of the results of operation GoldDust, which involved 17 countries*, Europol, Eurojust and INTERPOL. All these arrests follow the joint international law enforcement efforts of identification, wiretapping and seizure of some of the infrastructure used by Sodinokibi/REvil ransomware family, which is seen as the successor of GandCrab.

Felipe Duarte, Security Researcher at Appgate says: "The actions by the international cyber security community and law enforcement against ransomware gangs over the last six months have forced gangs to be more careful with their operations. It's not uncommon nowadays for these groups to go dark after a major attack, changing servers and hiding their footprint. Some operations even go through a rebranding process after they get a lot of media attention, like the DarkSide ransomware that rebranded itself into BlackMatter.

"The US Treasury’s announcement about targeting corrupt crypto exchanges, and the recent news that Interpol and the DoJ have arrested REvil members, are good examples of actions targeting cybercrime operations. However, even with those major operations, it's highly unlikely that all REvil members will retire or be arrested. Members may simply go to another "project".

"This volatility undermines their perceived reliability. With ransomware groups continuing to rebrand and change their infrastructure, organisations face less pressure to pay ransomware groups when they are breached. You can’t pay a group that no longer exists, and you are less likely to pay the ransom if there is a possibility they will disappear with your money.

"Trust in law enforcement and government agencies to crack down on these attacks has also grown. For example, during the Kaseya cyber-attack in July, the FBI was able to seize the decryption keys and eventually share them with the victims of the attack. Organisations are, therefore, less likely to give into the demands of ransomware groups if they know that government agencies are cracking down on the recovery of their data.

"As a result, in the upcoming year, ransomware groups will likely have a lower profit margin if they continue to target high-profile organisations, where the government is likely to respond quickly to an attack. Some groups already announced changes in their targets list, BlackMatter ransomware, for instance, claims they do not attack hospitals, critical infrastructure facilities, oil and gas industries, defense industry, non-profit companies and government sector. Ransomware groups already target lots of smaller companies that often do not make into the news. It's possible they will focus on those organizations to avoid being disrupted by law enforcement operations.

"Organisations must still be vigilant as ransomware groups will learn how to operate more cautiously without being detected. Gangs find new targets every day. Ransomware attacks will not dramatically drop in the next year but they may become less profitable as the pressure by law enforcement and government agencies to crack down on the people causing these attacks continues to grow.

Share

Featured Articles

Cooperation Key Theme at Microsoft Endpoint Security Summit

The Microsoft Endpoint Security Summit brought together leaders in the cybersecurity industry to discuss strategies for securing endpoints on Windows

Why the UK is Listing Data Centres as Critical Cyber Assets

Being Western Europe's leader in number of Data Centres, the UK has decided to take steps to ensure they receive adequate protection from cyber threats

Trustwave Reveals the Financial Sector's Cyber Threats

Although it's not new to think that financial services organisations are prime targets for cybercriminals, the threat landscape they find themselves in is

TCS and Google Cloud Join for Solution to Secure the Cloud

Technology & AI

Cybersecurity Conglomerate Reveals Threats Facing Consumers

Cyber Security

Decoding the US' Most Misunderstood Data Security Terms

Cyber Security