The Evolution of Ransomware Extortion Schemes

by ITECHNEWS
November 18, 2021
in Opinion

As the world experienced significant upheaval, the scale of threats facing businesses during the pandemic grew exponentially. Fundamentally, threat actors did not innovate; instead, they advanced the use of tools they already had, with slight modifications, at a much larger scale to take advantage of the instability that defined the changing times.

Most notably, the threat landscape saw the continued evolution of ransomware. Targeted ransomware attacks grew in both the number of attacks and in profitability, encouraging new groups to emerge. To surpass businesses’ established countermeasures, novel attackers entered the scene with new extortion schemes that prompted organizations to rethink ransomware prevention and protection.

Ransomware Learns a New Trick: Double Extortion

Ransomware attacks have existed in one form or another for ages by tech standards – the first ransomware attack dates back to 1989. However, modern ransomware operations are financially driven businesses, and network operations evolved to a point where there was too much uncertainty to ensure payment, even after a successful attack campaign. With attackers sometimes stymied by advancements in threat detection and confronted with countermeasures such as file redundancy, honeynets and regular backup strategies, a new approach was required that increased the leverage on victims to pay. Threat actors evolved, and locking businesses out of their information was no longer the only priority. Some chose to both encrypt and exfiltrate information to pressure victims into payment.

This tactic takes two primary forms. The first is a name-and-shame approach: if a company does not pay the ransom – usually within a short period – the ransomware operative will start publishing data to damage the victim and induce payment. The second entails auctioning the data on criminal underground websites, so if a victim doesn’t pay the ransom, the attacker still generates revenue. The first group to be credited with such an attack was Maze. Inspired by Maze’s success in publishing victims’ information, more ransomware families, such as DoppelPaymer, Egregor, Conti, REvil and DarkSide, adopted these extortion schemes to great success.

Exploring New Dimensions

Double extortion remains a critical approach for ransomware actors today, but there have been several attempts to improve upon the technique. Much press attention has been dedicated to supply-chain attacks, as seen in the SolarWinds hack at the end of 2020. The same is true of significant infrastructure and industrial control system targets, as demonstrated by the Colonial Pipeline breach in May 2021 (though the scale and impact of that attack appeared to have gone far beyond the attacker’s intent). It is also highlighted by attacks on MSPs, such as the Kaseya attack of July 2021.

Beyond that, in February 2021, ransomware actor REvil was associated with a so-called triple extortion attack. They exfiltrated and encrypted data for ransom, but they also launched a distributed denial-of-service (DDoS) attack against critical resources for the victim until the ransom was paid. Avaddon performed a similar attack in May 2021. A variation of triple extortion has been reported in some circumstances, whereby an attacker steals and encrypts a victim’s data and uses it to extort money from affected third parties who have an interest in protecting their data as well. This is particularly evident in the healthcare industry.

The latest variation involves combining all four threats – stolen data, locked files, denial of resources and threatening third parties – into what’s being called quadruple extortion. However, it still seems to be very rare for any single attack to combine all four.

Measures to Take

Ransomware is a significant cyber threat to organizations of all sizes and industries. However, preventive measures are available, and should ransomware infiltrate a network, there are methods of recovery without paying cyber-criminals.

First, businesses need to ensure security patches are applied immediately to prevent attackers from exploiting known vulnerabilities. Organizations should also use multi-factor authentication across their infrastructures in a zero-trust configuration to prevent lateral movement.

Maintaining secure backups of all business-critical information, offsite and air-gapped, remains imperative. Furthermore, data should be encrypted at rest. Keeping security systems up to date with the latest detections, so that potential attacks can be responded to proactively, is vital. Finally, robust network segmentation helps prevent lateral movement between segregated assets. Of course, constant vigilance is essential for network defense, but that process is built from a foundation of deliberate preparation.

Closing Thoughts

Criminals are swiftly switching lures for exploitation and have increased the risk of a successful attack. Dealing with a ransomware attack during a pandemic adds an extra layer of complexity. Businesses need to adapt to the new threat environment and have clear next steps should they fall victim to an attack. 

Traditional backup methods have worked in the past and should remain top of mind, but new tactics and processes need to be implemented. As ransomware groups continue to evolve their techniques and extend their influence, organizations cannot risk falling behind and exposing their assets.

Source: Alexander Applegate, Senior Threat Researcher, ZeroFOX

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems
