Tag: Victims | Page 2

Hacking Victims Paid $1.1bn In Ransoms Last Year

February 8, 2024/in Internet Security

New research has revealed the scale of extortion being carried out by cyber criminals against ransomware victims in 2023.

New York-based blockchain analysis firm Chainalysis in its ‘2024 Crypto Crime Report’, found that ransomware payments exceeded $1bn in 2023, which was a record high.

It comes after a similar report from Chainalysis in February 2022 found that roughly 74 percent of all ransomware payments in 2021 had been sent to Russian-linked cyber-criminals.

2022 vs 2023

The latest Chainalysis report found that while 2022 saw a decline in ransomware payment volume, the overall trend line from 2019 to 2023 indicates that ransomware is an escalating problem.

In 2022 the report suggested that several factors had likely contributed to the decrease in ransomware activities two years ago, such as geopolitical events like Russia’s illegal invasion of Ukrainian.

This Ukraine war not only disrupted the operations of some cyber actors, the report stated, but also shifted their focus from financial gain to politically motivated cyberattacks aimed at espionage and destruction.

Last December the UK’s National Cyber Security Centre (NCSC) had warned that Russian intelligence services, namely Centre 18 of Russia’s Federal Security Service (FSB), were carrying out a “sustained” attack on UK politics and the democratic process in this country.

And the Chainalysis report noted that 2023 marks a major comeback for ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks.

Watershed year

The Chainalysis report found that in 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies.

Indeed, major ransomware supply chain attacks were carried out exploiting the ubiquitous file transfer software MOVEit, impacting companies ranging from the BBC to British Airways.

As a result of these attacks and others, ransomware gangs reached an unprecedented milestone, surpassing $1 billion in extorted cryptocurrency payments from victims, the report found.

Chainalysis called 2023 a watershed year for ransomware.

Conservative…

Source…

The number of ransomware victims is booming — despite major threats being shut down

February 6, 2024/in Internet Security

Despite the police dismantling some of the biggest and most dangerous ransomware threats out there, ransomware as a criminal industry continues to flourish.

A new report from cybersecurity researchers from Palo Alto Networks’ Unit 42, which found a 49% increase in victims reported on ransomware leak sites.

In total, there were 3,998 new entries, posted by various groups, across the dark web.

Short expiration date on ransomware groups

Unit 42 attributed this surge to high-profile vulnerabilities like SQL injection, which were used on products like MOVEit and GoAnywhere. Those with good memory will remember that Cl0p, for example, abused a zero-day vulnerability in the MOVEit managed file transfer solution to exfiltrate sensitive data on more than 2,000 organizations. Before that, the GoAnywhere fiasco saw firms like Procted & Gamble, or Hitachi, lose sensitive files.

LockBit, ALPHV, and others, all tried to find zero-day flaws to abuse and either install encryptors, or just exfiltrate data and demand ransom.

As the number of victims grows, at the same time the number of ransomware operators is shrinking. Hive and Ragnar Locker are no more, and so are Ransomed.Vc and Trigona. ALPHV was almost completely dismantled but managed to return, possibly rebranded.

Furthermore, leak site data revealed the emergence of 25 new ransomware groups in 2023, which the researchers hint shows continued appeal in ransomware as a profitable criminal activity. However, many of these new groups did not last, disappearing in the second half of the year.

As expected, ransomware operators weren’t really picky when it comes to the target industry, but manufacturing still remained the most affected vertical out there. Most victims – 47% – are located in the United States. LockBit remained the most active group in 2023, followed by ALPHV (AKA BlackCat) and Cl0p.

More from TechRadar Pro

Source…

What makes ransomware victims less likely to pay up?

January 26, 2024/in Internet Security

There’s a good reason why ransomware gangs started exfiltrating victims’ data instead of just encrypting it: those organizations pay more.

University of Twente researcher Tom Meurs and his colleagues wanted to know which factors influence victims to pay the ransom or not, and which factors have an effect on the ransom amount organizations end up paying.

Based on the data provided by the Dutch National Police and a Dutch incident response organisation on 481 ransomware attacks between January 2019 and January 2023, they discovered that “cases involving exfiltration of data result in a higher probability of payment, as observed in 40% of such incidents, compared to 25% when no data exfiltration occurs.”

“Additionally, the average amount paid is substantially larger, approximately 1.2 Million euros when data is exfiltrated, as opposed to 89,407 euros when no data exfiltration is confirmed,” they noted.

Other crucial findings

The researcher found that the decision to pay depends on whether the victim organization has backups and whether they have hired an incident response (IR) company to deal with the attack.

Victim organizations that have recoverable backups were 27.4 times less likely to pay off ransomware attackers than those without recoverable backups.

“Additionally, our analysis showed that companies consulting the IR company were more willing to pay, as they sought guidance expert assistance in recovering from the ran- somware attack,” they pointed out.

Data exfiltration, insurance coverage and the yearly revenue of the victim, on the other hand, are factors that affect the ransom amount a victim will pay (if they decide to pay).

“Having insurance results in ransoms that are 2.7 times larger, data exfiltration corresponds to a 4.4 times increase in the ransom, and each 1% increase in a victim’s yearly revenue causes a 0.12% rise in the ransom paid,” they discovered.

To reduce the profitability of ransomware attacks, Meurs and his colleagues say policy makers and law enforcement should consider:

Emphasizing the importance of having recoverable (offline) backups and urging companies to conduct ransomware attack simulations
Encouraging companies…

Source…

Hunters International Ransomware Adds Four New Victims

January 5, 2024/in Internet Security

The Hunters International ransomware group has claimed four new victims, expanding its reach across industries and countries.

The targeted organizations include Gunning & LaFazia in the United States, Thermosash Commercial Limited in New Zealand, PROJECT M.O.R.E. in the U.S., and Bradford Health Care, a healthcare institution.

The Targets: Diverse Industries and Geographic Locations

The announcement of cyberattack was made through the group’s dark web portal, showcasing their continued audacity in breaching security systems. The implications of these Hunters International ransomware attacks could be far-reaching, given the diverse industries and geographic locations of the victims.

Hunters International Ransomware — Source: Twitter

The USA and New Zealand have found themselves at the forefront of this latest cyber onslaught.

Hunters International Strikes Again: Four New Victims Added to Dark Web Portal

To verify the legitimacy of the Hunters International ransomware attack claim, The Cyber Express Team reached out to the targeted organizations. Unfortunately, as of the writing of this report, no responses have been received, leaving the claims unverified.

Interestingly, the official websites of the targeted organizations were found to be fully functional, raising questions about the authenticity of the Hunters International ransomware group’s assertions.

Hunters International ransomware has become synonymous with a repetitive attack pattern, drawing parallels to their previous operations. A significant revelation from October exposed code overlaps between the ransomware used by Hunters International and the once-dominant Hive ransomware.

Bitdefender, a cybersecurity vendor, confirmed this finding, suggesting a strategic decision by the Hive group to transfer its operations and assets to Hunters International.

Repetitive Tactics: Hunters International Ransomware Attack Pattern

This recent cyberattack on multiple organizations echoes a similar pattern observed in 2023 when the L’Azienda USL di Modena Regional Health Service in Italy fell victim to a cyber breach attributed to Hunters International.

Before these incidents, the ransomware group targeted InstantWhip, a major player with a revenue of US$300 million. InstantWhip has yet to release any…

Source…

Tag Archive for: Victims

2022 vs 2023

Watershed year

Conservative…

Other crucial findings

The Targets: Diverse Industries and Geographic Locations

Repetitive Tactics: Hunters International Ransomware Attack Pattern