Ransomware cartels are employing new tactics to extort money, according to a new report by cyber risk analytics provider CyberCube.
Gangs of cyber criminals are organising themselves along the lines of drug cartels and changing their strategy of attack in order to keep ahead of authorities’ efforts to stamp them out, according to the report, Enterprise Ransomware: Assessing the future threat and what it means for (re)insurers. These cartels are formed to execute ransomware campaigns collaboratively, expanding hackers’ playbooks to include so-called “double extortion,” data exfiltration and data modification.
The report predicts that, in 2021, cyber criminal cartels behind ransomware campaigns will be responsible for the majority of attritional losses in the insurance market, and possibly even aggregation events due to cyberattacks.
“Ransomware is now right at the top of the agenda for cyber insurers, reinsurers and brokers,” said report co-author Darren Thompson, head of cybersecurity strategy for CyberCube. “This is because cyber criminals are continuing to adjust and improve their ransomware approaches in response to increasingly sophisticated cyber defense – and to reap as much reward as possible. What we’re seeing now is the rise of cyber cartels – loose affiliations of criminal hackers intent on gaining the maximum amount of money possible. They’re doing this by introducing new tactics into their attacks. This keeps them ahead of advances in security and allows them to extort money not once but twice.”
The report warned insurers to expect cyber cartels to continue to target high-profile organisations, including Fortune 500 companies, as the cartels have researched those organisations’ ability to pay a ransom prior to the attack. The techniques used to conduct these attacks are becoming more sophisticated and more targeted, CyberCube said.
In a double extortion attack, hackers not only encrypt the victim’s data, but also copy it to one of their own servers. Once the victim pays the ransom, the cartel still has the data in its possession, and can use it to further extort the victim. Double extortion first appeared in 2019 and gained popularity last year, CyberCube said.
Criminals are also threatening data integrity through data modification attacks. In these attacks, criminals tell the business that elements of its data have been altered. The report said that data modification attacks are likely to become increasingly common in the next few years, and will focus on sectors utilising sensitive data such as healthcare and financial services.
According to CyberCube, many prolific double-extortion ransomware cartels are currently operating, including Maze, REvil, Sodinokibi, DoppelPaymer, and Nemty. These cartels create their own websites where they publish data stolen from victims who refuse to pay the ransom.
Other emerging ransomware threats include the development of ransomware worms – malware that can spread without human interaction – and an increased focus on so-called “single points of failure” (SPoFs). SPoFs are systems and services with thousands or millions of users, and attacks can affect huge numbers of businesses. The recent attacks on the Microsoft Exchange were SPoF attacks, CyberCube said.