Shifting Tactics: Ransomware and Beyond

Ransomware on the Rise

Ransomware, a type of malware that encrypts a victim’s files and demands payment in exchange for the decryption key, has become a significant threat to organizations of all sizes. According to a recent report by Huntress, ransomware represented almost 10% of all types of threats they detected or investigated.

Sectors Most Affected

The healthcare, technology, education, manufacturing, and government sectors saw the highest rates of ransomware incidents. However, it’s important to note that some other types of threats, such as malware or scripts, are often used as delivery mechanisms for ransomware or are employed by initial access brokers who then sell the access to ransomware groups.

New Tactics Emerge

Attackers are adapting and evolving their tactics, with a shift from simple ransomware attacks to more complex and sophisticated schemes. The researchers found that attackers focusing on extortion, data theft, and espionage tend to perform more actions, including pivoting, data harvesting, and exfiltration. On the other hand, attackers who rely on receiving ransomware payments for decryption tend to perform a lower number of actions, as they are “smashing and grabbing” and focusing on quick financial gain.

RMM Tools Under Attack

Huntress noted a significant spike in the abuse of remote monitoring and management (RMM) tools, such as ConnectWise ScreenConnect, TeamViewer, and LogMeIn, for both gaining and maintaining access to networks. Some ransomware groups have exploited zero-day vulnerabilities in RMM tools in the past, highlighting the importance of keeping these tools up to date and secure.

Leveraging New Vulnerabilities

Attackers are constantly on the lookout for new vulnerabilities to exploit, and RMM tools are no exception. In the past, some ransomware groups have exploited zero-day vulnerabilities in RMM tools, demonstrating the need for vigilant monitoring and swift patching of these vulnerabilities.

Conclusion

As ransomware continues to evolve and spread, it’s crucial for organizations to remain vigilant and proactive in their security measures. This includes implementing robust backups, keeping software up to date, and educating employees on the importance of cybersecurity.

Frequently Asked Questions

• What is ransomware?
  Ransomware is a type of malware that encrypts a victim’s files and demands payment in exchange for the decryption key.
• Which sectors are most affected by ransomware?
  The healthcare, technology, education, manufacturing, and government sectors saw the highest rates of ransomware incidents.
• What are the new tactics emerging in ransomware attacks?
  Attackers are focusing on extortion, data theft, and espionage, and are performing more actions, including pivoting, data harvesting, and exfiltration.
• How can I protect my organization from ransomware?
  Implementing robust backups, keeping software up to date, and educating employees on cybersecurity best practices can help prevent and mitigate the impact of ransomware attacks.