Why rookie hackers are capitalizing on ransomware
Ransomware attacks continue to rise rapidly in 2023. Research by Visa Inc. found that March of this year recorded the most attacks of any month to date, with ransomware up 91% compared to February and up 62% compared to March 2022.
Today’s increasingly hostile ransomware landscape is the product of two main factors. First, ransomware gangs are making increasing use of AI services such as ChatGPT and its dark web equivalent FraudGPT to mass-produce highly personalized, plausible emails carrying weaponized links as phishing lures. Second, highly professional do-it-yourself ransomware kits are proliferating, frequently packaged with 24×7 phone support for budding cybercriminals with weak computing skills.
These two factors are spawning a new generation of ransomware gangs with novel tactics, techniques and procedures (TTPs). In addition to established players like LockBit, security teams must thwart this host of newcomers, each of which presents its own distinct threat.
Rhysida Ransomware, a new Ransomware-as-a-Service (RaaS) group that emerged in May 2023, exemplifies this trend. Rhysida primarily targets the education, government, manufacturing, technology and managed service provider sectors, and has recently also attacked healthcare and public health organizations. Rhysida operates as a 64-bit Portable Executable (PE) Windows cryptographic ransomware application, deployed through phishing attacks or dropped as a payload across compromised systems after Cobalt Strike or a similar command-and-control framework has first been deployed. Once deployed, Rhysida encrypts files and demands payment in bitcoin via a Tor-based portal.
And Rhysida is just one of an expanding array of emerging threats. Big Head ransomware is another example. Still under development, this .NET-based malware is distributed through malvertising campaigns, disguised as fake Windows updates and MS Word installers. Big Head’s fearsome capabilities, from data theft to file encryption, make it a formidable adversary, even as the identity of its creators remains elusive.
Refined iterations of existing threats are also appearing, as exemplified by the latest version of Raccoon Stealer. Also known as “Racealer,” Raccoon…