Successful ransomware attacks may allow malicious actors to earn even a few million USD in digital assets. As a result, ransomware groups are attracting the attention of both qualified malicious actors and amateurs who are interested in making easy money. Even low-level cybercriminals actively try to grab a slice of the pie without knowing any details about ransomware attacks. Security specialists at Abnormal Security have provided details on an amateur social engineering ransomware attack in which malicious actors have been trying to fool employees into installing DemonWare, one of the least sophisticated ransomware strains.
To carry out this attack, malicious actors use social media such as LinkedIn to identify and reach targets. They offer their victims the possibility of earning large sums of money by installing ransomware, and leave their contact details for any questions. The attackers try to persuade their targets that they will not be caught since ransomware applies encryption. DemonWare can be easily downloaded from GitHub. In this case, the attackers behind the amateur attacks are from Nigeria.
Microsoft has invested an undisclosed sum of money in the cloud data management company Rubrik. The two companies are going to develop Zero Trust products built on the Azure Cloud. As of 2019, Rubrik was valued at $3.3 billion. Rubrik provides customers with ransomware recovery and cloud backup and recovery services on AWS, Microsoft 365, and Google Cloud. Microsoft’s investment is explained by the company’s focus on pushing organizations to adopt Zero Trust architecture.
The partnership between the two companies will also help customers push more data to the cloud. According to Rubrik, a partnership with Microsoft will allow its customers to protect critical applications including Oracle, SAP, VMware, and SQL, as well as network-attached storage devices, with Azure. Overall, Microsoft and Rubrik support more than 2,000 mutual customers worldwide. Microsoft considers the cloud the most prominent way to fight against ransomware.
Nation-state actors can censor internet access via a new type of distributed denial-of-service attack. Also, by abusing middleboxes they can target any website. The first-of-its-kind TCP-based DDoS amplification attack has been identified by a team representing the University of Maryland and the University of Colorado Boulder. The researchers revealed the technique by applying an artificial intelligence algorithm. Previously, reflective amplification attacks were restricted to protocols based on the User Datagram Protocol (UDP).
The researchers have discovered attacks offering 100,000-plus, one-million-plus, and even technically infinite amplification. Many off-the-shelf commercial firewalls and nation-state censorship infrastructure can be exploited in this way. By using censorship infrastructure, attackers can commit denial-of-service attacks on almost anyone on the Internet. It’s extremely difficult for potential victims to defend against these attacks.
The key possible issue with ransomware insurance is that rewards for bad behaviour just stimulate bad behaviour. Ransomware insurance has long been suspected of excusing lax security. Also, ransomware insurance has given ransomware gangs confidence that they will get their malicious reward in a timely manner. Although companies are not interested in disclosing information about the ransomware attacks they have experienced, it’s very likely that ransomware claims have become more widespread due to the recent intensification of ransomware crimes.
It’s important to realize that when companies pay a ransom, there is no guarantee that malicious actors will return the stolen assets or data. For example, 1 out of 5 victims paying a ransom does not get back the compromised files. This year, the insurance giant AXA has stated that it would stop insuring against cyberattacks. The company has explained its decision by the lack of guidance from the government. However, as of now, only a few insurance companies have decided to stop insuring against cyberattacks, including ransomware attacks.
Large US companies lose more than $14 mln on average due to phishing attacks in 2021. When speaking about the losses per employee, this figure reaches $1,500. For comparison, in 2015 the losses experienced by companies due to phishing equalled just $3.8 mln. The study was conducted by Ponemon Institute and sponsored by Proofpoint. Business email compromise is one of the most expensive threat types. In 2020 alone, organizations lost $1.8 bln due to business email compromises.
According to the study, paying the ransom amounts to just 20% of the expenditures caused by a ransomware attack. Most of the losses experienced by companies as a result of a ransomware attack are associated with productivity decline and remediation activities. For example, each employee loses 7 hours of working time annually due to phishing scams. Employees spend a lot of time cleaning and fixing infected systems, while companies spend significant resources and effort conducting investigations.