Criminal Investors are strengthening ransomware

Criminal investors empower ransomware; and here are some security solutions for businesses

A new trend in the cybercriminal environment is creating an economy that experts compare to the Silicon Valley venture capital scene: ransomware operations backed by "crime investors", and very successful ones. These investors supply capital in bitcoin or another cryptocurrency and, in return, receive a share of the ransom payments.

The most notable example of this "business model" is DarkSide. The ransomware group made headlines in 2021 when its attack forced Colonial Pipeline, a US fuel pipeline operator, to suspend operations for several days, causing a brief fuel shortage across much of the eastern United States.

Although DarkSide seemed to come out of nowhere, it can be traced back to a well-established operation: the group formed as an offshoot of the crew behind the ZLoader malware, itself a variant of the Zeus banking trojan.

Sharing a few members with that crew, DarkSide was able to grow thanks to bitcoin funding from the ZLoader group, which in turn took a portion of the ransom payments DarkSide collected.

This type of "business model" is becoming more popular in the closed circle of ransomware cybercriminals

With the success of these investments, the groups have sought to branch out into new operations. They have adopted a kind of venture capital structure, in which one team provides the funds another needs to stand up infrastructure and tooling.

Like venture capitalists, these sponsors take on the risk of funding ransomware attacks in exchange for a share of the profits. When the new team starts collecting ransom payments, the sponsors are paid first.

The investment is a real risk, but the investors receive a priority payout from the proceeds

Just as in Silicon Valley, where raising funds requires a reputation and the right connections, not every aspiring cybercriminal in the ransomware underworld can tap into these investments.

To be funded, cybercriminals must prove they are already established, capable operators. In many cases, a candidate must move a small sum into a bitcoin wallet connected to a major ransomware operation, as proof of having been part of that team.

The ransomware market is maturing

Part of the problem is that the ransomware market itself is maturing. A class of criminals who started out as teenagers chasing payoffs of a few thousand dollars has grown into large, multi-million-dollar criminal operations.

The targets of ransomware attacks are deliberately selected so that the ransoms are high, much as the drug cartels of the late 20th century chose theirs.

With more money at stake comes greater sophistication. Experienced, highly technical ransomware operators are able to spin up several new malware families and ransomware groups.

These groups also buy initial access on dark web marketplaces, entering companies through compromised credentials, unpatched vulnerabilities and other weaknesses.

As a result, security vendors and government agencies face a much larger pool of possible suspects and leads when trying to trace attacks back to a single source.

This scenario puts companies in every sector at risk. Ransomware is about to explode, and unless we want another cartel-style situation, swift and decisive action is needed to crack down on these operations.

How to prevent it?

Any flaw or vulnerability can serve as an attack vector for ransomware, which makes defense a complex task. There is no single solution and no silver bullet. The best course is a coherent cybersecurity strategy built around a few key points:

Integrated view of risks

Perform integrated cyber risk management, aligning security priorities with the company's business goals so that critical digital assets and systems are protected. With that alignment, organizations make better-informed and more strategic business decisions.

Access Management

Manage digital identities and access rights across all systems. A modern security platform aggregates and correlates the identity and access-rights data scattered across the IT landscape, giving tighter control over who can reach what: which accounts are still enabled for people who have left, which remote-access accounts lack MFA, and which identities hold administrative rights in more than one system.
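To make the correlation step concrete, here is an added example (not ISH's platform or any code from the original page) that joins constructed exports from an HR system, a directory, a VPN and a cloud IAM into one view per identity, then flags the three conditions that compromised-credential intrusions most often exploit: orphaned accounts, remote-access accounts without MFA, and identities with standing admin rights in several systems. The record layout, system names and sample identities are assumptions chosen for the example.

```python
"""
Correlate identity records exported from several systems and surface
access weaknesses commonly used for ransomware initial access:
  - accounts still enabled for identities HR marks terminated or does not know
  - remote-access (VPN) accounts with no MFA enforced
  - identities holding admin rights in two or more systems
All data below is constructed for this example; in practice the exports
would come from the HR system, the directory and each application's IAM API.
"""
from collections import defaultdict

# Constructed HR export: identity -> employment status.
HR = {
    "alice": {"status": "active"},
    "bob":   {"status": "terminated"},
    "carol": {"status": "active"},
    "dave":  {"status": "active"},
}

# Constructed per-system account exports: system -> identity -> attributes.
SYSTEMS = {
    "active_directory": {
        "alice": {"enabled": True, "admin": True,  "mfa": True},
        "bob":   {"enabled": True, "admin": False, "mfa": False},
        "carol": {"enabled": True, "admin": False, "mfa": True},
        "dave":  {"enabled": True, "admin": True,  "mfa": True},
    },
    "vpn": {
        "alice": {"enabled": True, "admin": False, "mfa": True},
        "bob":   {"enabled": True, "admin": False, "mfa": False},
        "dave":  {"enabled": True, "admin": False, "mfa": False},
    },
    "cloud_iam": {
        "alice":      {"enabled": True, "admin": True,  "mfa": True},
        "carol":      {"enabled": True, "admin": False, "mfa": True},
        "dave":       {"enabled": True, "admin": True,  "mfa": True},
        # Service account that exists in no HR record (assumed example).
        "svc_backup": {"enabled": True, "admin": True,  "mfa": False},
    },
}


def correlate(systems):
    """Pivot the per-system exports into one view: identity -> {system: record}."""
    view = defaultdict(dict)
    for system, records in systems.items():
        for identity, rec in records.items():
            view[identity][system] = rec
    return view


def find_orphaned_accounts(hr, systems):
    """Enabled accounts whose HR status is not 'active' (terminated or unknown to HR)."""
    findings = []
    for identity, per_system in correlate(systems).items():
        status = hr.get(identity, {}).get("status", "unknown")
        if status == "active":
            continue
        for system, rec in per_system.items():
            if rec["enabled"]:
                findings.append((identity, system, status))
    return sorted(findings)


def find_vpn_without_mfa(systems, remote_systems=("vpn",)):
    """Enabled remote-access accounts with no MFA enforced."""
    findings = []
    for system in remote_systems:
        for identity, rec in systems.get(system, {}).items():
            if rec["enabled"] and not rec["mfa"]:
                findings.append((identity, system))
    return sorted(findings)


def find_multi_system_admins(systems, threshold=2):
    """Identities holding enabled admin rights in `threshold` or more systems."""
    findings = []
    for identity, per_system in correlate(systems).items():
        admin_in = sorted(s for s, r in per_system.items() if r["enabled"] and r["admin"])
        if len(admin_in) >= threshold:
            findings.append((identity, tuple(admin_in)))
    return sorted(findings)


if __name__ == "__main__":
    for f in find_orphaned_accounts(HR, SYSTEMS):
        print("ORPHANED   ", f)
    for f in find_vpn_without_mfa(SYSTEMS):
        print("NO-MFA-VPN ", f)
    for f in find_multi_system_admins(SYSTEMS):
        print("MULTI-ADMIN", f)
```

The HR record is treated as the source of truth for whether an identity should exist at all, which is why an account HR has never heard of (the service account above) is reported alongside the terminated employee's accounts rather than silently accepted; both are the kind of stale, unmonitored access that a purchased credential set turns into an entry point.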

Borderless SOC

Your company does not need to build its own security operations center. With ISH's Cybersecurity Operations Center (SOC), teams of experts assess the risks the company is exposed to and, from there, design the most appropriate response strategy. Monitoring is borderless: it reaches cloud, networks, systems, applications and devices.

Talk to an ISH expert to understand how to protect yourself from threats like ransomware. Get in touch now.
