Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

6/9/2021
04:20 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Ransomware Cartels Using New Tactics to Extort Money

San Francisco, California, 9 June 2021 – Gangs of cyber criminals, organising themselves along the lines of drug cartels, are changing the ‘rules’ of ransomware attacks to keep ahead of the authorities’ efforts to thwart their activities. That’s the conclusion of a new report by leading cyber analytics expert CyberCube. 

According to CyberCube’s report, Enterprise Ransomware: Assessing the future threat and what it means for (re)insurerscyber criminals are organising themselves into cartels involving their peers in the criminal underground. These cartels, formed to execute attack campaigns collaboratively, are expanding the playbook used by hackers to include so-called ‘double-extortion’, data exfiltration and data modification. 

The report concludes that in 2021, cybercriminal cartels behind ransomware payloads will be responsible for the majority of attritional losses in the insurance market, and potentially even aggregation events due to cyber-attacks.  

Darren Thomson, CyberCube’s Head of Cyber Security Strategy and one of the report’s authors, said: “Ransomware is now right at the top of the agenda for cyber insurers, reinsurers and brokers. This is because cyber criminals are continuing to adjust and improve their ransomware approaches in response to increasingly sophisticated cyber defence – and to reap as much reward as possible.  

“What we’re seeing now is the rise of cyber cartels – loose affiliations of criminal hackers intent on gaining the maximum amount of money possible. They’re doing this by introducing new tactics into their attacks. This keeps them ahead of advances in security and allows them to extort money not once but twice.” 

The report warns insurers to expect the criminal cartels to continue to target high-profile organisations including Fortune 500 companies having researched their ability to pay a ransom prior to the attack. In addition, the techniques used to conduct these attacks are becoming more sophisticated and more targeted in the 2021 period.  

In a double extortion attack, the report says, hackers not only encrypt the victim’s data, but also copy it to one of their own servers. Once the victim has paid the ransom, the cyber cartel still has the data in its possession, which it can use for the purpose of further extortion. Double-extortion first appeared in 2019 and gained popularity in 2020. 

Criminals are also starting to threaten data integrity through data modification. In these attacks, the criminals tell the business that element of their data has been altered. These attacks are likely to become increasingly prevalent in the next few years and will focus on sectors utilising sensitive data such as healthcare and financial services. 

According to CyberCube, there are now many prolific double-extortion ransomware cartels – Maze, REvil, Sodinokibi, DoppelPaymer, Nemty and more – creating their own websites where they publish data stolen from non-paying victims.  

Other newly emerging ransomware-related threats include the development of ransomware worms – malware that can spread without human interaction – and increasing focus on so-called ‘single points of failure’ (SPoFs). SPoFs are systems and services common to many thousands or millions of users and have the potential to affect large swathes of businesses. The recent attacks on Microsoft Exchange are a good example of this type of SPoF attack. With the right cyber modeling solution, insurers can more reliably estimate the impact of future attacks. 

According to Security Boulevard, 337 confirmed ransomware events also resulted in a data breach in 2019. That number doubled to 676 in 2020. 

Enterprise Ransomware: Assessing the future threat and what it means for (re)insurers examines key trends in ransomware attacks and points towards future developments. Uppermost is the continuing evolution of ransomware attacks away from individuals to commercial businesses and other organisations able to meet the cyber criminals’ increasingly expensive ransom demands. Copies of the report are available from CyberCube’s website. 

ENDS 

About CyberCube 

CyberCube delivers the world’s leading cyber risk analytics for the insurance industry. With best-in-class data access and advanced multi-disciplinary analytics, the company’s cloud-based platform helps insurance organizations make better decisions when placing insurance, underwriting cyber risk and managing cyber risk aggregation. CyberCube’s enterprise intelligence layer provides insights on millions of companies globally and includes modeling on thousands of points of technology failure. 

The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company exclusively focused on the insurance industry, with access to an unparalleled ecosystem of data partners and backing from ForgePoint Capital, HSCM Bermuda, MTech Capital and individuals from Stone Point Capital. For more information, please visit www.cybcube.com or email [email protected]

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-18442
PUBLISHED: 2021-06-18
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".
CVE-2021-3604
PUBLISHED: 2021-06-18
Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.
CVE-2005-2795
PUBLISHED: 2021-06-18
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2021-32954
PUBLISHED: 2021-06-18
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.
CVE-2021-32956
PUBLISHED: 2021-06-18
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.