
The ransomware wars: Here’s how much cash the top gangs reel in

The same week in late February that Russian troops entered Ukraine, one of the most powerful Kremlin-aligned hacker gangs in the world threatened to attack the US and its NATO allies. The so-called Conti group, known for using ransomware to extort millions from hospitals and emergency services, now threatened to target critical U.S. infrastructure: vital systems such as the power grid and the water supply.

For three tense days, cyber defense professionals anxiously anticipated the group’s next move. Then, without warning, the gang imploded.

Conti’s network was allegedly infiltrated by a Ukrainian security researcher who leaked the group’s secrets to Twitter, including its chat logs, ransomware code, and financial details. The leak revealed that Conti was disorganized and prone to internal disputes. It was also one of the most profitable hacking crews in the world.

Excerpt from a chat log of Conti, leaked by an anonymous hacker in March 2022.

Image: Unit 42


“Ransomware as a service,” known as RaaS, has grown in popularity in recent years, with criminal gangs extorting cash from health care providers, retailers, manufacturers, universities, local governments and many other organizations. These schemes increased 85% last year compared with 2020, and individual ransom demands rose 144% to $2.2 million. The average payment rose 78% to about $541,000, according to a new report from Unit 42, Palo Alto Networks’ threat research team.

“The vast majority of ransomware players are financially motivated. RaaS makes it much easier to carry out attacks by lowering the entry barrier and expanding the reach of ransomware,” Ryan Olson of Unit 42 told CBS News. “As organizations continue to pay ransom, these actors are investing more in their ransomware organizations and are motivated to continue their efforts.”

Many hacker groups operate as a business run “by criminals, for criminals, with agreements that set terms, often in exchange for monthly fees or a percentage of ransoms paid,” Olson said, adding that the groups are often compartmentalized, with departments focused on tasks such as administration, coding, marketing, and security testing.

These three organizations accounted for more than a third of ransomware activity last year:

Conti

Conti’s growth was astronomical and unprecedented, Olson said. In the two years prior to the leaks that led to the implosion of the group, its activity kept increasing. Conti was responsible for more security incidents than any other ransomware gang. The group stole and published private information from more than 600 companies and government organizations. Its average ransom demand went from just $178,000 in early 2020 to nearly $1.8 million last year.

“They are ruthless,” Olson said, noting the group’s willingness to go after more vulnerable targets such as hospitals, health care providers, city governments and law enforcement agencies. “They work without a code of honor.”

On a dark web forum in February, Conti announced its “full support” for the Russian government and threatened to use its “full capacity to offer retaliatory measures” if NATO allies targeted Russian infrastructure with cyberattacks.

A few days after Russia invaded Ukraine, the ransomware group Conti threatened to hack NATO’s critical infrastructure.

Image: Conti / Krebs on security


REvil

REvil is best known for demanding $70 million in 2021 from software infrastructure provider Kaseya: the largest ransomware attack ever recorded. The group pioneered ransomware as a service, a business model that allows cybercriminals to sell their hacking expertise and launch attacks using the group’s own ransomware.

REvil software would infect and lock networked office workstations, often shutting down the target business until the ransom demand was paid. REvil’s demands varied, depending on the size of the company and the type of data stolen. If a company did not pay, REvil would double its ransom demand and publish the stolen data. Unit 42 analysts found that REvil’s average demand in 2021 rose to $2.2 million, more than four times the $500,000 it had previously asked for. Its highest ransom demand last year was $5.4 million.

The group was recently dismantled by Russia’s internal security agency at the request of several international law enforcement agencies, including the US authorities.

HelloKitty

The HelloKitty group may be less famous than rival ransomware gangs, but they are pioneers. In early 2020, a Linux variant of its ransomware targeted VMware software used in data centers. HelloKitty is best known for stealing and publishing source code from Polish video game developer CD Projekt Red.

The gang, also known as FiveHands, went after corporate targets and used a multi-front attack, often threatening to release stolen data on the dark web and hitting victims with denial of service attacks if ransom demands were not met. Law enforcement believes that before the Russian invasion, the group operated from eastern Ukraine.

While not as financially successful as the other major ransomware gangs, HelloKitty’s tactics and technology were innovative and inspired more famous ransomware operators.

“Cybercrime is a cat and mouse game,” Olson said. “There are always ways to prevent attackers from succeeding. However, attackers will continue to evolve and innovate their tactics. It is critical to be prepared and educated about the latest threats so that you know how to protect your organization.”
