Sunday, December 3, 2023

Ransomware gangs are evolving in new and dangerous ways


With digital technology growing rapidly, ransomware gangs and their methods continue to progress at an aggressive pace as well.

This observation was detailed by cybersecurity and antivirus giant Kaspersky in a new report highlighting recent trends in ransomware that emerged during 2022.


Although leading cyber gangs have seen operations cease due to shutdowns, groups continue to find ways to develop dangerous strains of malware and ransomware. And their efforts are bearing fruit, Kaspersky points out.

In particular, the company highlighted brand new “cross-platform capabilities”, in addition to “upgraded business processes” and more.

Before we delve into the above aspects, it is important to outline what exactly ransomware is. Simply put, it is a type of code or software that affects files, folders, or the entire operating system of a computer.

Once it has successfully infiltrated its target, ransomware groups will then demand money from the victim if they want to unlock access to their computer.

“If last year we said ransomware is in bloom, this year it’s in full bloom.”

“Ransomware operations have come a long way – from clandestine and amateurish beginnings to full-fledged businesses with distinctive brands and styles that compete with each other on the dark web,” Kaspersky said.

The rise of cross-platform programming languages

Regarding the “product use” of cross-platform capabilities, Kaspersky points out that this method is particularly effective for damaging “as many systems as possible with the same malware by writing code that can be implemented on multiple operating systems at once.”

The cross-platform programming languages Rust and Golang began gaining ground in the ransomware community in the last stages of 2021.

For example, Conti, a leading group and a constant name in the ransomware space, has succeeded in designing a variant that is deployed by certain affiliates to target Linux-based systems.

BlackCat, labeled a “next-generation” malware gang, has been mentioned as another group – one that has apparently attacked more than 60 organizations since December 2021. Rust was its language of choice for developing malware strains.

Elsewhere, a group known as DeadBolt relied on Golang instead for its ransomware programs. This cyber gang is notorious for its attacks on QNAP (online storage devices of a Taiwanese company).


Ransomware groups are starting to evolve

Another trend Kaspersky detailed is that ransomware groups not only rely on more advanced tactics for their general operations, but during the end of 2021 and the early stages of 2022, they also “continued activities to facilitate their business processes.”

Some groups formed and began to use whole kits that “resemble those of benign software companies.”

“Lockbit stands out as a remarkable example of the development of a ransomware gang. The organization boasts a number of improvements over its rivals, including regular upgrades and repairs to its infrastructure. It also first introduced StealBIT, a custom ransomware debugging tool that enables data exfiltration with the highest speeds ever – a sign of the group’s hard work aimed at accelerating malware processes.”

Dmitry Galov, a senior security researcher with Kaspersky’s Global Research and Analysis Team, commented on the state of affairs with a summary:

“If last year we said that ransomware is blooming, this year it is in full bloom. Although last year’s major ransomware groups were forced to stop, new actors have emerged with unprecedented techniques. However, as ransomware threats evolve and expand, both technologically and geographically, they become more predictable, which helps us better detect and defend against them.”

Google, meanwhile, echoed a similar point when analyzing a record number of zero-day hacks in 2021.

“Zero-day exploits are considered one of the most advanced attack methods an actor can use, so it would be easy to conclude that attackers should use special tricks and attack surfaces. But instead, the zero-day attacks we saw in 2021 generally followed the same chimpanzees, attack surfaces and exploit “forms” previously seen in public research.”

However, this does not mean that malware and ransomware do not pose a dangerous threat in today’s digital-driven world. In fact, ransomware in particular is an extremely lucrative business for cybercriminals. In 2021 alone, this type of crime saw $49.2 million in losses for innocent individuals.

The fact that malware is more common than ever before has not gone unnoticed among the major technology giants.

Microsoft recently confirmed a new initiative where businesses can use the company’s internal security services and experts to fight cybercrime and strengthen their digital security measures.
