Alliances between ransomware groups tied to recent surge in cybercrime


Ransomware groups change tactics to evade law enforcement: The latest quarterly study from Rapid7 also found that newly forged alliances are leading to a spike in ransomware activity, adding that tactical innovations, from refined extortion to double extortion and the use of zero days, are also playing a part in increased malfeasance.

The quarter also saw 88 active ransomware groups, up from 65 in Q2 and 76 in Q1, signalling an increase in activity as well as highlighting the changing shape of a febrile threat environment.

Groups such as Qilin, SafePay, and WorldLeaks led a wave of alliances targeting industries like business services, manufacturing, and healthcare, Rapid7 reports. These same groups began experimenting with file-less operations, single-extortion data leaks, and affiliate service offerings such as ransom negotiation assistance, where a more senior member of the group partners with a less experienced player to extort the victim.

Cyber extortion incident response firm Coveware reports that remote access compromise, phishing/social engineering, and software vulnerability exploitation remain at the core of intrusion activity, but the distinctions between them are increasingly blurred.

“Adversaries increasingly obtain access not just by logging into a system, but by convincing someone else to provision it for them,” Coveware explains. “Campaigns that blurred these lines, such as those impersonating SaaS support teams or abusing help-desk processes to gain OAuth authorization, demonstrated how human trust can be engineered into a technical foothold.”

Credential-based intrusions through VPNs, cloud gateways, and SaaS integrations continued to serve as the prime vector of ransomware attacks.

Coveware's Q3 2005 ransomware study identified Akira and Qilin as the two most prominent ransomware variants doing the rounds. Some ransomware groups are rebranding as data-theft-only outfits, ditching file encryption as an extortion tactic, Coveware adds.

Review and reinforce cybersecurity measures: Matt Hull, head of threat intelligence at NCC Group, said more than 200 ransomware variants have been identified so far this year.

“As ransomware activity accelerates and notable attacks continue to cause widespread economic and operational disruption, vigilance is more critical than ever. Organisations should use this moment to reinforce their security measures and test incident response plans,” Hull said. “Proactive monitoring, staff awareness, and secure backups remain key as we move into the year’s peak threat season.”

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4096263/alliances-between-ransomware-groups-tied-to-recent-surge-in-cybercrime.html
