fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Ransomware Is A Multi-Billion Industry And It Keeps Growing

Ransomware Is A Multi-Billion Industry And It Keeps Growing

An analysis from global cybersecurity company Group-IB reveals that ransomware attacks more than doubled last year and increased in both scale and sophistication.

The massive payouts that averaged between $1 and $2 million for some ransomware gangs attracted new actors that focused on large companies mostly in North America and Europe.

Pulling data from more than 500 attacks analyzed in incident response jobs, Group-IB was able to provide an overview of the evolution of the ransomware business in 2020 and the tactics, techniques, and procedures (TTPs) used in the events leading to encrypting victim systems.

The ransomware scene got larger and more dynamic, with operations of some prominent players being impacted or terminated either due to law enforcement efforts [12] or because they retired [123]. More and more actors now have leak sites where they publish stolen data from victims that did not pay the ransom.

Others started new operations that followed the successful ransomware-as-a-service model, the so-called affiliate programs, or handling every step from finding and compromising victims to deploying the file-encrypting malware on the network and negotiating the ransom.

Among the new actors that joined the big-money ransomware game in 2020 are Conti, Egregor, and DarkSide. As per Group-IB’s data, the first two became so prolific that they have a spot in the top five gangs with the largest number of attacks.

Also Read: Limiting Location Data Exposure: 8 Best Practices

Ryuk is missing from the above ranking because its attacks have been merged with its successor, Conti, Group-IB told BleepingComputer.

Important to note that all the groups above follow a business model where everyone involved focuses on what they do best: malware development, initial access, lateral movement. The profits are shared between the operators of the RaaS program and affiliates.

“Group-IB DFIR team observed that 64% of all ransomware attacks it analyzed in 2020 came from operators using the RaaS model. The prevalence of affiliate programs in the underground was the underlying trend of 2020.”

According to Group-IB’s data, this approach led to attacks increasing by 150% last year and a twofold growth of the average ransom, to $170,000. These figures are similar to statistics from ransomware remediation firm Coveware, which noted a $154,108 average for Q4 2020.

However, the greediest actors – Maze, DoppelPaymer, ProLock and RagnarLocker – demanded much higher ransoms that averaged between $1 million and $2 million. Among the highest payouts are astonishing figures reaching as much as $34 million.

Group-IB says that in terms of impact on victims ransomware attacks caused an average of 18 days of downtime last year.

For initial access to a target network, ransomware actors typically relied on botnets like Trickbot, Qakbot, Bazar, Buer, or IcedID that they partnered with specifically for this purpose.

Typically, the actors spent 13 days inside the compromised network before deploying the encryption process. During this period, they would move on the network and increase their control, identify and remove backups for increased impact.

The primary vector of compromise were external remote services – mostly RDP, followed by phishing, and exploiting public-facing applications (Citrix, WebLogic, VPN servers, Microsoft Exchange).

source: Group-IB

To help defenders stay up-to-date with how ransomware gangs operate, Group-IB mapped the most common TTPs observed during their 2020 incident response engagements according to the MITRE ATT&CK knowledge base of adversary tactics.

Group-IB describes the techniques and tactics below in a report released today, organized by the frequency of their encounter. The company provides mitigation recommendations for each attack method.

source: Group-IB

Also Read: 10 Practical Benefits of Managed IT Services

Based on their findings, the researchers predict that the ransomware threat will continue to grow and actors will adapt to make it even more profitable by using Linux variants more often and advancing or changing their techniques (e.g. focus on stealing data for extortion and abandoning encryption).

Furthermore, compromising enterprise networks for resale to ransomware affiliates will become a busier market as more actors will want to join the big-money game.

Group-IB also says that more state-backed threat actors will get involved either for financial rewards or disruptive purposes.

Oleg Skulkin, senior digital forensics analyst at Group-IB, says that ransomware has become “an organized multi-billion industry with competition within, market leaders, strategic alliances, and various business models.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us