'RansomOps' attacks yield record returns for perpetrators
Early ransomware campaigns relied on sending out large volumes of emails in so-called 'spray-and-pray' attacks.
But a new report released today by Cybereason highlights the rise of sophisticated RansomOps attacks that are allowing ransomware syndicates to reap record profits.
These attacks are complex and akin to the stealthy operations conducted by nation-state threat actors, which makes them harder for most organizations to defend against. Emboldened threat actors have also driven up their ransom demands as more and more organizations choose to pay.
"A shift by the ransomware gangs from widespread to targeted attacks against organizations that have the ability to pay multi-million dollar ransom demands has fueled the rise in attacks in 2021. No two RansomOps attacks garnered more publicity last year than those on Colonial Pipeline and JBS Foods. Unfortunately, we can expect to see a continued increase in attacks in 2022, with ransom demands increasing and critical infrastructure operators, hospitals and banks having targets on their backs," says Lior Div, Cybereason's CEO and co-founder.
The report reveals the four components of RansomOps:
- Initial Access Brokers (IABs): These infiltrate target networks, establish persistence and move laterally to compromise as much of the network as possible, then sell access to other threat actors.
- Ransomware-as-a-Service (RaaS) Providers: These supply the actual ransomware code and the payment mechanisms, handle negotiations with the target and provide other 'customer service' resources to both the attackers and the victims.
- Ransomware Affiliates: These contract with the RaaS provider, select the targeted organizations and then carry out the actual ransomware attack.
- Cryptocurrency Exchanges: These launder the extorted proceeds.
Instead of paying up, which brings no guarantee of retrieving data, may have legal implications and is likely to incentivize future attacks, Cybereason suggests organizations should focus on early detection and prevention strategies to end ransomware attacks at the earliest stages, before critical systems and data are put in jeopardy.
The full report is available from the Cybereason site.
Image credit: Andrey_Popov / Shutterstock