Cybercriminals' efforts to maximize disruption and force payment of ransom demands have become more aggressive, and new extortion tactics are now being implemented.
In early November, the notorious ALPHV ransomware gang, also known as BlackCat, used an unprecedented extortion tactic, weaponizing the U.S. government’s new data breach disclosure rules against one of the gang’s own victims. ALPHV filed a complaint with the U.S. Securities and Exchange Commission (SEC), alleging that digital lending provider MeridianLink failed to disclose what the gang calls a “significant breach of customer data and operational information,” a breach for which the gang took the credit.
“We would like to draw your attention to a concerning issue regarding MeridianLink’s compliance with the recently adopted Cybersecurity Incident Disclosure Regulations,” ALPHV wrote. “We are aware that MeridianLink has failed to file the required disclosures under Item 1.05 of Form 8-K within the required four business days, as required by new SEC rules.”
ALPHV’s latest extortion campaign is the first of what is expected to be a trend in the coming months after the rule goes into effect. Although novel, this is not the only aggressive tactic used by ransomware and extortion gangs.
Hackers, typically known for deploying ransomware, are increasingly resorting to “double extortion” tactics, where in addition to encrypting a victim’s data, they also threaten to release stolen files if a ransom demand is not paid. Some go further with “triple extortion” attacks. As the name suggests, hackers use a three-pronged approach to extort money from victims by extending blackmail and ransom demands to the original victim’s customers, suppliers, and associates. These tactics have been used by the hackers behind the widespread MOVEit mass hack, marking a significant milestone in the trend of extortion attempts that do not use encryption.
While vague definitions may not seem like the biggest cybersecurity issue facing organizations today, the distinction between ransomware and extortion is important, especially since defenses against these two types of cyberattacks can be very different. This distinction also helps policy makers learn what ransomware trends are and whether anti-ransomware policies are working.
What is the difference between ransomware and extortion?
The Ransomware Task Force describes ransomware as “an evolving form of cybercrime in which criminals remotely infiltrate computer systems and either restore data or demand a ransom in exchange for not releasing the data.”
In reality, ransomware attacks can have far-reaching effects. In an analysis with TechCrunch, ransomware experts Allan Liska, a threat intelligence analyst at Recorded Future, and Brett Callow, a threat analyst at Emsisoft, explained that ransomware, broadly defined, can range from a “$50 attack” over the contents of an insecure Elasticsearch instance to a devastating “encryption-based attack that poses a life threat to hospitals.”
“But obviously they’re very different animals,” Liska and Callow said. “One is an opportunistic porch pirate who steals Amazon deliveries, and the other is a team of thugs who break into homes, terrorize families, and take away all their possessions.”
Researchers say there are similarities between “encryption and extortion” attacks and “extortion-only attacks,” including their reliance on brokers selling access to compromised networks. But there are also important differences between the two, especially when it comes to a victim’s clients, vendors, and customers, whose own sensitive data may be caught up in an extortion-only attack.
“We’ve seen this play out repeatedly, where attackers organize stolen data to find the largest or most well-known organizations and launch attacks against them. This is not a new tactic,” Liska and Callow said, giving the example of one ransomware group that claimed to have hacked a major technology company when in fact it had stolen data from a little-known technology vendor.
“Preventing attackers from encrypting files on your network is one thing, but how do you protect the entire data supply chain?” Liska and Callow said. “In fact, many organizations don’t think about their data supply chain… yet each point in that supply chain is vulnerable to data theft and extortion attacks.”
We need a more precise definition of ransomware
Authorities have long prevented hacked organizations from paying ransom demands, but it’s not always an easy decision for companies victimized by hackers.
In encryption and extortion attacks, companies have the option of paying a ransom demand to obtain the key to decrypt their files. However, if you pay a hacker using aggressive extortion tactics to delete your stolen files, there is no guarantee that the hacker will actually delete them.
This was demonstrated in the recent ransomware attack on Caesars Entertainment, which paid the hackers in an effort to prevent the release of stolen data. By its own admission, Caesars told regulators that it had “taken steps to ensure that the data stolen by the wrongdoers is deleted, but we cannot guarantee the outcome.”
“In fact, we should assume they won’t do that,” Liska and Callow said, referring to claims that the hackers would delete the data they stole.
“With a better definition of ransomware that accounts for the distinction between different types of attacks, organizations will be able to better plan for and respond to any type of ransomware attack, whether it occurs within their own network or a third-party network,” Liska and Callow said.
Source: techcrunch.com