The World of Cybercrime: The gangs behind ransomware attacks

The most worrying and prevalent cyberthreat businesses have faced in the past 5 years has been ransomware. A recent report found that 37% of respondents had been hit with a ransomware attack in the past year. Unfortunately, these numbers are increasing year on year, and unless businesses have systems in place, they will likely fall victim to an attack at some point.

This massive rise in ransomware attacks has been attributed to a number of high-profile ransomware gangs that distribute the malicious software to a network of affiliates to extort money from their targets. In this article we will delve into the world of cybercrime and discuss the top ransomware gangs, the future of cybercrime, and how businesses can avoid falling victim to a ransomware attack.

What is Ransomware?

Ransomware is a cyberattack that uses malware to encrypt a business’s data and hold it to ransom, withholding the decryption key unless the business pays. Whilst the data is encrypted, employees are unable to access files, databases, IT systems or applications. This malware is designed to spread throughout a system, encrypting every file on a business’s network, often causing significant downtime. These attacks often use a phishing email to initiate the exploit and malware infection.

The Top Ransomware Gangs

The three most prevalent ransomware gangs are REvil, Conti and DarkSide. REvil is a ransomware-as-a-service operation. The group developed a ransomware toolkit and recruits affiliates to launch ransomware for it, taking a cut of the profits. This year they have been responsible for 13.5% of all attacks, including their attack on a company in Apple’s supply chain, Quanta. REvil stated that in 2020 they profited over $100 million from their ransomware attacks.

In 2021, Conti was responsible for 13.5% of all ransomware attacks. This gang has been active since 2018 and in that time has been ruthless with its attacks, including attacks on the education sector and the Irish healthcare system. The average Conti ransom payment is currently over $400,000 and incidents typically last over 15 days.

The third most prevalent ransomware gang is DarkSide. It is a relatively new group, but has swiftly risen in notoriety, being responsible for 11.5% of all ransomware attacks in 2021. What sets DarkSide apart from other ransomware gangs is its reputation for operating ‘ethically’: the group once vowed never to target any public infrastructure. However, this vow was broken, as DarkSide was infamously responsible for the Colonial Pipeline attack earlier this year. The group is more professional than other ransomware gangs, and even has a customer service division to ensure its victims’ systems are restored correctly.

The Future of Cybercrime

As ransomware continues to be a lucrative industry for cybercriminals, it is likely that these attacks will only become more prevalent. In the past year, more ransomware gangs have been working together to share tactics and ransomware toolkits, and some gangs are even working together to infect targets at the same time in order to receive two payouts on the ransom.

A worrying trend of the past year is that ransomware gangs are also targeting smaller businesses. Although the ransom a cybercriminal can charge a small business is lower, small businesses are less likely to have comprehensive security, making them an easy target.

How to Protect Your Business

To protect your business from a ransomware attack, the three primary concerns to address are update and patch management, email security and the implementation of a disaster recovery plan.

Most ransomware attacks work by exploiting vulnerabilities within software. Keeping all devices, software, and antivirus protection up to date significantly reduces the chance of falling victim to an attack. Whenever an update is available, all employees should install it immediately, and there should be systems in place to ensure that employees do not postpone updates and patches for longer than necessary.

As most ransomware attacks start with a phishing email, emphasis should be placed on email security. Employees should have phishing awareness training to be able to spot a potential phishing attempt and be aware that they should not open an email or click on an attachment from an unknown sender. However, this should not be the only line of email defence. Solutions such as Mimecast Email Security can quarantine any potential phishing email, ensuring that it does not land in an employee’s inbox.

If a business does fall victim to a ransomware attack, it is important to have recent backups and a comprehensive disaster recovery plan in place. Although this does not stop the attack in the first place, it greatly reduces the amount of downtime after an attack, without having to pay out a costly ransom. Acronis Cyber Protect uses AI-based behavioural detection, and in the case of a ransomware attack it will automatically remove the ransomware and revert the affected files to a recent backup.

The past 5 years have shown that all businesses are at risk of a ransomware attack, regardless of size or industry. If your business doesn’t have security measures in place, now is the time to strengthen your security posture before it is too late. If you want to find out more on how to keep your business safe from an attack, get in touch today.