There’s no denying the fact that in 2019, cybercrime’s biggest star was ransomware. Last year, successive waves of ransomware paralyzed public institutions, organizations, and companies all over the world. These attacks caused companies to lose data, brought organizations’ productivity to a halt, and led to considerable economic losses due to the costs of recovering from them. One company spent over €50 million on getting back to normal after one such security incident. Some organizations that suffered ransomware attacks even took the controversial decision to pay the ransom to recover their files.
If there is one characteristic that defines cybercrime, it is its capacity to evolve and adapt to new landscapes, and its ability to find new ways of breaching its victims’ cybersecurity. Ransomware is no exception to this, and towards the end of 2019, we began to see new tactics being used by this kind of malware.
Ransomware combined with blackmail
The latest trend in ransomware is to combine the encryption of its victims’ files with an attempt to blackmail them, and thus make them more likely to pay the ransom. Several ransomware campaigns have been seen that, before encrypting the system, steal sensitive data, which the attackers can then threaten to leak if the ransom isn’t paid.
The latest ransomware to have been seen using this technique is called Nemty, and its controllers have created a blog specifically to publish the stolen files. For the time being, the only data on the blog is 3.5GB of files stolen from a victim. An increasing number of ransomware strains are using this tactic. The first strain to combine ransomware with blackmail in this way was Maze; others that have used this tactic are DoppelPaymer and Sodinokibi.
Information stolen and used in this way can include highly sensitive data, such as the company’s financial information, personal information about employees, customer details, or other important documents.
At the beginning of March, Visser Precision, a company that supplies parts for the aerospace, automotive, industrial and manufacturing industries, suffered an attack of this kind. The cybercriminals used the ransomware DoppelPaymer to encrypt the company’s files. The attackers then began to publish the files that had been stolen from the company, including non-disclosure agreements and schematics for a missile antenna designed by the company.
A way to force payment
With this tactic, cybercriminals hope to make victims more likely to pay the ransom. Faced with the threat of a potential data breach, an organization that suffers this kind of attack could have to deal with the repercussions of breaking data protection regulations. What’s more, it would have to take the other measures needed in the case of a data breach, such as notifying affected customers, something that could have a negative impact on the organization’s reputation.
The cost of ransomware
This new trend is just the latest way of trying to get money out of the victims of ransomware. However, according to figures published by the FBI, this kind of cybercrime has had considerable success over the last few years. Between January 2013 and July 2019, ransomware operators made $144.35 million in bitcoin.
Protect against the latest threats
Cybercrime has proven time and again that it is able to evolve to adapt to any efforts made to stop it. This is why it is so important to take all possible measures to fight it. The first thing is to ensure that cybercriminals cannot get onto the system through a poorly protected protocol; according to the FBI, between 70 and 80% of ransomware gets in through RDP (Remote Desktop Protocol). To ensure this cannot happen, this protocol must be deactivated unless it is strictly necessary.
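One way to check whether RDP is enabled on a Windows computer and to switch it off where it is not needed is sketched below. This is an added example, not code from this article or from any Panda product; the function names `Get-RdpExposure` and `Disable-Rdp` are hypothetical, and it assumes an elevated PowerShell session on an English-language Windows installation, where the built-in firewall rule group is named "Remote Desktop".

```powershell
# Added example (function names are hypothetical). Run from an elevated session.
$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$TcpKey = Join-Path $TsKey 'WinStations\RDP-Tcp'

function Get-RdpExposure {
    # fDenyTSConnections = 0 means the host accepts RDP connections.
    $deny = (Get-ItemProperty -Path $TsKey  -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nla  = (Get-ItemProperty -Path $TcpKey -Name UserAuthentication).UserAuthentication
    # RDP may have been moved off the default port 3389, so read the configured one.
    $port = (Get-ItemProperty -Path $TcpKey -Name PortNumber).PortNumber

    # Inbound firewall rules in the built-in group that are currently enabled.
    # Assumption: English display group name; it is localized on other systems.
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }

    # A listener on the configured port shows the service is really reachable.
    $listener = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        RdpEnabled          = ($deny -eq 0)
        NlaRequired         = ($nla -eq 1)
        Port                = $port
        EnabledInboundRules = @($rules).Count
        Listening           = [bool]$listener
    }
}

function Disable-Rdp {
    # Refuse new RDP connections and close the matching inbound firewall rules.
    Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

$state = Get-RdpExposure
$state | Format-List

# Only hosts with a documented need should keep RDP; everything else is switched off.
$rdpIsRequired = $false   # assumption: set per host from your own inventory
if ($state.RdpEnabled -and -not $rdpIsRequired) {
    Disable-Rdp
    Get-RdpExposure | Format-List
}
```

On hosts that do need RDP, a `NlaRequired` value of `False` or a listener that is reachable from the internet are the findings to follow up first.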
The next most common entry vector for ransomware is phishing. To stop threats from getting in through this vector, the best option is to follow a zero-trust stance: if you don’t know the sender, don’t open any attachments and don’t click on any links.
Even if we exercise caution, there is still a chance that a cybercriminal could manage to find a way to get onto the company’s system. This is why it is so important to have a cybersecurity solution that knows exactly what is happening on the network at all times. Panda Adaptive Defense monitors all activity on every computer, at all times. It stops any unknown process until it can be classified as trusted. What’s more, it doesn’t use signatures to detect malware—a technique that can let new or unknown malware slip through the net. Rather, it uses a zero-trust attitude.
Ransomware isn’t going to stop causing problems for organizations on a global scale, and this new trend will not be the last innovation used by cybercriminals to endanger corporate cybersecurity. Protect yourself with Panda Adaptive Defense.