Published 14 Aug 2020

According to fresh research from British security company Sophos, ransomware attacks have evolved from the “spray and pray” attacks of the past to more sophisticated attacks that employ a variety of tools to achieve their aims and leverage companies into paying more.

According to Chester Wisniewski, Sophos’s principal research scientist:

“The reality is, ransomware is not going away. At Sophos, we’ve seen gangs like WastedLocker taking evasive tactics to a new level and now even finding ways to bypass behavioural anti-ransomware tools. This is the latest example of attackers getting their hands dirty, using new manoeuvres to manually disable software as a precursor to a full blown ransomware attack. Other stealthy activities like exfiltrating data and disabling backups are also precursors. The longer attackers are in the network, the more damage they can inflict.”

Wisniewski says that the trend is moving away from “script kiddies” (hackers who use existing tools and exploits, often with limited skills of their own) to more sophisticated hackers who employ a variety of tools to penetrate and move laterally through networks, often disguising their movements as legitimate activity. He says that while there are still amateurish hackers who are content with trying to install cryptominers and ransomware to make a few bucks, the ones with the right skillset are emulating the state-sponsored hacking groups.

These cybercriminals perform reconnaissance on a victim first, finding out about its operations and the data that it’s likely to value the most. They then borrow techniques used by state-backed hackers, having learned about them from detailed reports on how high-profile attacks were executed. This guides them in identifying whom to phish in an organisation to gain entry and how to move laterally through the network to locate valuable assets.

The research also points out that cybercriminals are extorting twice over. First they demand a ransom to restore the data they have encrypted, and then they demand a further ransom to not publish exfiltrated data, pointing out the damage this can cause to the company’s shareholders and customers, not to mention the cost of regulatory penalties, such as under the General Data Protection Regulation (GDPR).

What’s more, increased social pressure is also being applied to make companies pay up. In one case documented by the research, the cybercriminals phoned employees at work, telling them what personal data they had obtained and suggesting they should get their bosses to pay the ransom to avoid it being made public. This was then followed by an email to the entire organisation and phone calls to the IT team.

It seems ransomware will be with us until companies stop paying ransoms, but at Pro-Networks, we can help you minimise your exposure to ransomware with a cybersecurity audit and our backup and recovery services. We can also help you to avoid substantial fines under the GDPR by ensuring you are compliant with the regulation.
