CyberSense® Ransomware News
Other Ransomware News
Ransomware attacks have become more powerful and lucrative than ever before – to such an extent that advanced cyber-criminal groups have switched to using it over their traditional forms of crime – and it's very likely that they're just going to become even more potent in 2021.
The pandemic also created unprecedented conditions in cyberspace, reshaping networks by pushing people to work from home en masse, creating a scramble to access vaccine research by any means, generating new fodder for criminals to launch extortion attempts and scams, and producing novel opportunities for nation-state espionage.
These survey results reveal just how big of a problem the ransomware epidemic is: We’re in the midst of a global health pandemic that has taken trillions of dollars out of the global economy, yet many security professionals are more fearful of ransomware. Why? In many cases, it’s because they don’t have an effective ransomware incident response (IR) plan in place – and therefore, they don’t know what to do when a ransomware attack occurs.
66% of companies say it would take 5 or more days to fully recover from a ransomware attack if the ransom is not paid.
Almost two-thirds of respondents said they thought the security measures at their enterprise had not kept up with their IT complexity. Nearly half said their company had experienced a ransomware attack and among those who had suffered through one, on average they said they've faced 4.5 attacks.
"We are aware of a 3rd party IT company working on your network. We continue to monitor and know that you are installing SentinelOne antivirus on all your computers. But you should know that it will not help. If you want to stop wasting your time and recover your data this week, we recommend that you discuss this situation with us in the chat or the problems with your network will never end."
Included in the ransom note is a link to Foxconn's victim page on DoppelPaymer's Tor payment site where the threat actors are demanding approximately $34,686,000... the threat actors claim to have encrypted about 1,200 servers, stolen 100 GB of unencrypted files, and deleted 20-30 TB of backups.
The number of publicly recorded ransomware attacks against manufacturing has tripled in the last year alone. That's potentially very troubling because the interconnected nature of the manufacturing supply chain means that if one factory gets taken down by a cyberattack, it could have wide-ranging consequences.
The fact that it was forced to cease nearly all operations for two weeks makes this attack stand out from what would usually be just another ransomware attack. “Ransomware attackers are going after higher-value targets and that includes operational networks,” Carcano explained. “And remediation costs and efforts to repair the operational, financial and reputational damage caused by these attacks put a significant strain on leadership teams.”
The LockBit gang partnered with Maze to create an extortion cartel to share the same data leak platform during attacks, as well as to exchange tactics and intelligence. LockBit ransomware actors also take as little as five minutes to deploy payloads after gaining access to the victim network.
aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an “imminent cybercrime threat to U.S. hospitals and healthcare providers.”
Ransomware attacks grew by more than 365% in 2019 alone, and a growing number of those target backups. If you are attacked, your business could be forced to decide whether to pay the ransom. Plenty of people are doing just that, and it's expensive. One recent report found that the average cost of getting back to normal, including the ransom, is nearly $1.5 million. There are very good reasons why hackers are attacking backups: They know that the data in those backups are the keys to the kingdom, and they are extremely profitable.
Data from 25,000 small-to-midsize organizations reveals ransomware as the top cyber insurance incident in the first half of the year, with the average ransomware demand increasing 100% from 2019 through Q1 2020.
The impacts of a ransomware attack reach much further than technological or financial consequences on the business – they also take a toll on the humans behind IT security and their abilities to address future threats. “Experiencing a ransomware attack firsthand adds even greater strain, undermining confidence in their own abilities and preparedness.”
Over a third of cyber-attacks observed by Kroll in 2020 can be attributed to three main ransomware gangs. "Ryuk and Sodinokibi, perennially the most observed form of ransomware attack in Kroll’s cases, have been joined by Maze as the top three ransomwares so far in 2020, comprising 35% of all cyber-attacks," and over two-fifths (42%) of Kroll’s cases with a known ransomware variant are connected to a ransomware group actively exfiltrating and publishing victim data.
A widespread hacking operation that has been targeting organisations around the world in a phishing and malware campaign that has been active since 2016 has now switched to ransomware attacks, reflecting how successful ransomware has become as a money-making tool for cyber criminals. Dubbed FIN11, the hackers are described as a 'well-established financial crime group' which has conducted some of the longest-running hacking campaigns.
Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today.
In its advisory (PDF), the Treasury’s Office of Foreign Assets Control (OFAC) said “companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”
Those that run afoul of OFAC sanctions without a special dispensation or “license” from Treasury can face several legal repercussions, including fines of up to $20 million.
The ransomware group REvil has deposited $1m worth of bitcoins into a hacker forum to initiate recruitment of affiliates. REvil seeks to hire affiliates who are skilled at penetration testing and other hacker routines, as well as people who have experience with hacking but do not have access to work.
Ransomware incidents appeared to explode in June 2020. Ransom demands are increasing exponentially. In some cases, IBM Security X-Force is seeing ransom demands of more than $40 million. Attackers are finding schools and universities to be an even more attractive target for ransomware attacks, especially as they begin classes virtually or are experimenting with hybrid environments due to COVID-19.
There’s plenty of evidence to indicate that cybercriminal groups consider the human foibles of their victims. According to Microsoft, ransomware actors actively switch tactics and tools depending on the specific security environment they encounter upon initial network access, or plan attacks around holidays and other times when they know the patching response will be slow.