Ransomware Gangs & Their Threat at Its Peak
Ransomware gangs have created ruckus worldwide. The attacks have increased to 300% compared to 2019. Now, these gangs are gradually picking up on extortion techniques. Consequently, organizations are now bound to reciprocate the way attackers want.
How Did It Start?
The Maze Ransomware gang was the first to start the ‘name and shame’ strategy. This strategy permits the attacker to threaten the victim. They intimidate the victims by revealing personal, confidential, and vulnerable data. In due course, other gangs also started following these tactics to trap more users. However, this became dangerous when these gangs started forming cartels. Thus becoming more robust and resilient against organizations. This did not stop here, to further gain profits they started adopting the double-extortion strategy.
What Kind Of Information Is Exposed?
The information exposed in these attacks can include:
- Sensitive communications and internal file
- Login Credentials
- Credit card passwords.
- Bank identification numbers (BIN)
- Confidential records and data
- Personally identifiable information (PII)
- Customer information
- Protected health information (PHI)
Emerging Trends in the Attack
The year 2021 will see ransomware attacks at their peak. Already end of 2020 witnessed more than 500 attacks using the double-extortion strategy. Along with the implementation of the double extortion strategy, the attackers have also transformed their modus operandi, switching from an opportunistic model to a more target-focused approach. They are targeting data of high-rank executives and managers. Recently a company paid the ransom in million dollars to the Clop Ransomware gang. Moreover, ransomware gangs are also attempting to instill a fear of DDoS attacks on targeted companies. This has proved to be effective means of pressurizing the victim to quickly pay the ransom. This type of secondary attack has been evident from Avaddon, RagnarLocker, and SunCrypt operators.
The attackers are attempting multiple ways to ensnare more and more companies. They are applying different tactics to pressurize the victims. It’s high time that the organizations fasten their belts and strengthen security. Timely backup of data, a team of cyber-security professionals, and educated employees are a must.