This old saying about crime could not be more misleading, at least where today's cyber-criminals are concerned. Crime pays more than ever for the criminals who use ransomware as their weapon.
Cybersecurity firm Emsisoft estimates that the true worldwide cost of ransomware in 2020, including business disruption and ransom payments, was at least US$42 billion and as much as roughly US$170 billion.
A Veritas Technologies study found that 66 percent of victims admitted paying some or all of the ransom, according to research published on Wednesday by managed detection and response company eSentire.
The report, written by eSentire's security research team, the Threat Response Unit (TRU), found that six ransomware groups have claimed at least 290 new victims this year, potentially netting the hackers a combined $45 million.
eSentire researchers teamed up with dark web researcher Mike Mayes to track the ransomware groups Ryuk/Conti, Sodin/REvil, CLOP and DoppelPaymer. Two newer gangs, DarkSide and Avaddon, were also monitored.
The DarkSide gang should ring a bell: it is the group responsible for the ransomware attack on Colonial Pipeline earlier this month.
eSentire's TRU and Mayes observed that in 2020 certain groups built up hundreds of victims. Between 1 January and 30 April this year, these groups hit a combined 292 new victim organizations. The average ransom payment climbed from $115,123 in 2019 to $312,493 in 2020, up 171% year on year.
“There are far more successful ransomware operations that have affected firms than the public might imagine. There is no industry/business of any kind that is not the possible objective of these organizations,” Mark Sangster, eSentire’s vice president, told TechNewsWorld.
Booming Hacker Business
Ransomware attacks are routine. Victims sometimes keep the payments quiet to protect public confidence or to avoid embarrassment. The hacking groups, however, are not shy about advertising their successes on their own blog and leak sites.
The eSentire report lists three notable attacks from the past three months:
Tata Steel — breached by the Sodin/REvil ransomware gang in April. Tata Steel refused to pay the $4 million ransom.
Broward County School District — breached by the Ryuk/Conti gang in March. The threat actors demanded $40 million; the district said it did not pay.
Quanta Computer, maker of Apple’s next-generation MacBooks — also attacked by Sodin/REvil. In April the hackers allegedly demanded $50 million, first from Quanta, which refused, and then from Apple.
The researchers noted, however, that despite growing media coverage of ransomware attacks, the number of victim organizations the media names has fallen relative to the number of actual incidents.
One example is a ransomware attack last month on a small private US company that was never disclosed. According to a senior employee of the firm who asked not to be identified, the threat actors demanded $12 million.
As cyber attacks evolve at a rapid pace, cyber threat intelligence (CTI) has become a key component of cybersecurity programs. Without intelligence, enterprises fly blind through highly turbulent skies, suggested Dov Lerner, security research lead at Cybersixgill.
“At the strategic level, CTI will allow managers to grasp the geography of the threat and estimate the dangers to their enterprises. CTI is utilized on a more tactical level to stop harmful breach indications and to identify affected data,” Lerner told TechNewsWorld.
As more everyday commerce and business is digitized, dark web actors have more opportunity to consume and exploit sensitive material posted on underground platforms, he said. The cybercrime underground continues to expand, and pandemic and economic crises may produce more threats from people seeking illicit income and, more recently, from extremist political speech.
No Doubt About the Successes
Sangster said his researchers believe, for several reasons, that the organizations these hackers claim to have breached were genuinely compromised:
Each ransomware gang posts numerous samples of data and documents taken from the victim firms, and they all appear genuine.
The researchers have seen threat actors post a victim on their leak site and, later, potentially weeks down the line, seen that same victim publicly confirm a ransomware attack.
These ransomware outfits gain nothing from lying about the victims they claim to have compromised. If they posted victims on their leak site that they had not actually breached, word would spread very quickly and no victim would pay them.
“Those six blog/leak sites were studied by our security research team, TRU, and the dark web researcher Mike Mayes; we have also studied the TTPs of these organizations, which we have collected by tracing them from the beginning of their crime,” Sangster said.
The researchers have compiled all of their findings and are sharing the information with the relevant law enforcement agencies, he noted.
Expanded Target List
eSentire and Mayes observed that the six groups tracked for this analysis are not only still hitting the usual suspects (state and municipal governments, school districts, law firms, hospitals and health services) but have broadened their target list to include manufacturers in the United States, Canada, South America, France and the United Kingdom.
Here is a summary of the new victims on this expanded target list:
Ryuk/Conti
The Ryuk/Conti ransomware gang first surfaced in August 2018. Its earliest victims were mostly U.S.-based organizations, including technology corporations, health care providers, educational institutions, financial services providers and several national and local governments.
The gang has hit 352 organizations in total, 63 of them this year alone, spanning enterprises and private sector groups. TRU examined 37 of Ryuk’s 63 victims this year; 16 of them make products ranging from medical devices, industrial furnaces and electromagnetic radiation devices to school management software.
In 2021, Ryuk also reportedly compromised transport/logistics firms, construction firms and healthcare organizations.
Sodin/REvil
This year, Sodin/REvil named 161 new victims, including 52 manufacturers as well as health care organizations, transport/logistics companies and construction firms. In March, the gang demanded a $50 million ransom from Acer, a maker of computers and electronics.
When Quanta Computer, which makes Apple notebook computers, declined to negotiate, the Sodin attackers apparently turned to Apple for the ransom, as noted above. The Sodin hackers posted on their “Happy Blog” a threat to expose what they claimed were technical details of current and future Apple hardware if they were not paid.
DoppelPaymer
The DoppelPaymer ransomware group debuted in 2019. The group’s website claims 186 victims since its start, 59 of them in 2021 alone. The victims include numerous state and municipal government bodies and several educational institutions.
In December 2020, the FBI published a warning that “DoppelPaymer ransomware has been used by unidentified actors, since the end of August 2019, to encrypt data of victims within critical industries worldwide, including healthcare, emergency and education, interrupting access to services by citizens.”
Many of the SMBs claimed as victims have never been disclosed, and many of the public sector bodies have never been reported in the news. The Illinois Attorney General’s office, whose DoppelPaymer attack was first uncovered on 10 April 2021, is one of the exceptions.
Clop (Cl0p)
The Clop ransomware first appeared in February 2019 and became more widely known in October 2020 as the first group to demand a ransom of over $20 million. The victim, German IT corporation Software AG, refused to pay.
Clop made news this year by mining the data stolen from victims for the contact details of the victim firm’s customers and partners, then emailing those contacts to press the victim into paying.
DarkSide
DarkSide is a new ransomware group. eSentire’s TRU began monitoring it in December of last year, roughly one month after it appeared. On their blog/leak site the operators claim to have infected 59 companies in total, 37 of them in 2021.
The victims are in the United States, South America, the Middle East and the United Kingdom. They include manufacturers of various kinds of goods, as well as energy firms, apparel firms and transport firms.
Late on May 13, the DarkSide blog/leak site announced that the DarkSide threat actors had lost access to the infrastructure they used to operate and would be shutting down. The notice blamed a law enforcement disruption and pressure from the United States. Before the site went down, the operators had consistently said they offered their software under a ransomware-as-a-service model.
The DarkSide operators portrayed themselves as Robin Hood figures who only targeted profitable firms that could afford a ransom. According to the eSentire report, the group’s managers also stressed that they would not attack hospitals, palliative care centers, nursing homes, funeral homes or vaccine companies.
Avaddon
Avaddon operators, whose ransom demands were first seen in the wild in February 2019,