Gone are those days ransomware attacks used to be about encrypting your data; now it is all about data exfiltration. Subsequent to data exfiltration comes encryption and extortion.
What’s going on?
Nowadays, ransomware attacks are less focused on data loss and more on publishing the stolen data online. These attacks have evolved into double extortion, which makes the availability of backup data entirely useless. The trend was initiated by REvil and was soon adopted by other threat actors.
- From an opportunistic model, threat actors have moved to a targeted approach. The campaigns are less indiscriminate.
- Usually, the initial attack vector involves the exploitation of known vulnerabilities in commercial VPN software.
- In other cases, attackers abuse RDP-enabled machines exposed to the internet.
- However, human access has also turned out to be a vector recently.
- Recently, the Italian liquor company Campari fell victim to a novel extortion campaign run by Ragnar Locker. The attackers started running Facebook ads about their hack to pressure victims into paying the ransom.
- Another ransomware - Pay2Key - is suspected to emerge as the next big threat. It is active in the wild and has already targeted numerous organizations.
The bottom line
Experts anticipate ransomware threats to evolve further in the near future and pose greater threats to businesses. These attacks can lead to financial loss, reputational damage, and severe lawsuits. Thus, security teams are required to come up with better defense strategies.