Ransomware gangs focus on ‘Big Game’ attacks

The final 12 months have seen a constant rise in “Big Game” ransomware attacks concentrating on cash-rich organizations within the United States, with the commercial and power, retail and finance sectors being the toughest hit and Conti and LockBit rising as the primary cybercrime gangs.

The ransomware business has successfully consolidated right into a small variety of giant organized and highly- skilled organizations. In 2021, the Conti ransomware gang was liable for 505 main ransomware instances and LockBit was liable for 465, every dwarfing the opposite gangs mixed. Conti and LockBit will not be involved in searching small recreation and go for cash-rich organizations, primarily within the United States.

In 2021, the U.S. suffered by far the biggest variety of ransomware breaches with 1,352 “Big Game” attacks noticed in 2021, adopted by France (146), Canada (140) and the UK (139). These attacks solely focus on organizations in industries with vital monetary sources. During 2021, the commercial and power sector have been probably the most affected, struggling 599 vital attacks, intently adopted by the retail sector with 545 vital attacks and finance with 355.

Ransomware attacks have gotten extra formidable and more and more frequent with all geographies seeing a constant enhance in “Big Game” attacks all through 2021. This has meant that gangs reminiscent of Conti and LockBit, between them liable for the lion’s share of profitable attacks, have needed to change into more and more skilled and streamlined of their strategy, which is mirrored of their new ways, strategies and procedures (TTPs). Organizations can shield themselves solely by guaranteeing that they’ve wide-ranging and up-to-date risk intelligence to make sure they keep knowledgeable of the always evolving TTPs of the ransomware gangs.

These now embody elevated use of the “steal, encrypt and leak” tactic, which occurred all through 2021 and includes releasing the stolen confidential knowledge piecemeal, thereby making use of continuous strain on the sufferer group. New and highly-targeted spear-phishing campaigns created by Conti have additionally just lately change into more and more ruthless of their concentrating on of key workers members. Customers, companions and distributors of huge organizations throughout the U.S. are being despatched malicious e mail lures, typically from the unique sufferer’s e mail server.

Targeted recipients usually embody workers working inside enterprise administration, finance and gross sales. Once one group turns into compromised, reputable e mail accounts at the moment are more and more used to ship highly-effective lures to different organizations. Based on evaluation of latest campaigns, these emails at the moment are additionally usually backed up by the obvious use of prior reputable e mail threads together with contact particulars mimicking these of an unwitting third occasion and might seem totally convincing of their content material and tone. The poor English or different giveaway gaffes of the earlier era of lures are being changed by extremely skilled and personalised communications.

Because of the post-pandemic development in distant work, it’s now doubly essential that such workers are recurrently reminded to deal with all unsolicited emails with a level of warning. The constant use of digital personal networks (VPNs) for work functions has additionally been proven to assist maintain workers alert and conscious of the threats of working at house.

The implementation of efficient multi-factor authentication (MFA) has change into extra essential than ever, stopping risk actors from abusing stolen credentials and identities with out the token, whether or not it’s in {hardware} or software program kind. MFA also can block socially-engineered makes an attempt to achieve entry to high-privilege consumer accounts. Organizations that make use of company social media accounts and comparable shared companies ought to allow MFA.

Ransomware attacks more and more goal probably the most delicate knowledge at many giant organizations. It’s completely important that safety groups encrypt all delicate knowledge and retailer it securely to forestall unauthorized entry and render the info inaccessible to the risk actor within the occasion of information theft.

Ironically, the more and more smooth professionalism of the large gangs has additionally been mirrored of their elevated effectivity in fulfilling their finish of the cut price. In 2020, sufferer organizations recovered a median of roughly 60% of their stolen and encrypted knowledge, whereas in 2021 the determine was round 90%. The growing confidence of the large gangs has been prompted as a result of they’re extraordinarily cautious to find themselves far exterior the attain of U.S. legislation enforcement. The Conti ransomware gang, for instance, has been linked to Wizard Spider, a cybercrime group based mostly in Russia, suggesting that Conti most likely operates out of the identical area.

So, though U.S. legislation enforcement companies might proceed to insist that sufferer organizations ought to refuse to cooperate or negotiate with the ransomware, many firms solely have two options: take precautions in the present day or pay-up tomorrow.

Schmuel Gihon, risk intelligence researcher, Cyberint