5 new rules ransomware gangs play by nowadays: Kaspersky report
Over the last few years, technology has moved ahead immensely, and alongside so has the ways cybercriminals distribute malware and ransomware since the older, now common, methods no longer work. Till some time ago, cybercriminals would use encrypted files to spread ransomware on a large scale, now ransomware attacks have become more focused. Nowadays, cybercriminals and hackers examine their targets in detail and do their research so as they can gain additional leverage. Ransomware gangs behave like fully-fledged online service providers and use traditional marketing techniques. Experts at Kaspersky have identified five examples of how these ransomware distribution methods, and how they work, have altered by studying the Darkside ransomware gang as an example.
1. Darkside actively establishes contact with the press.
On the Darkside website, there’s a semblance of a press center set up to enable journalists to ask questions and receive first-hand information, and to learn about upcoming publications of stolen information in advance. In fact, DarkSide operators strive to get as much resonance in the networks as possible.
2. Ransomware groups collaborate with decryption companies.
As the Kaspersky report points out, this is evident because many state-owned companies are prohibited from entering negotiations with cybercriminals. This has created a demand for intermediaries like decryption companies, who provide legitimate data decryption services.
3. Darkside claims to donate part of their income to charity.
They show those who do not want to finance crime, that some of their money will go to a good cause. However, some charities are prohibited from accepting illicit money, and such payments would be frozen.
4. The cybercriminals now carefully analyze stolen data and the market.
Before publishing information, they study the contacts of the company and identify well-known customers, partners, and competitors. Kaspersky experts state that the main purpose of this is to maximise target damage, to intimidate victims, and to increase the chances of getting a ransom.
5. The Darkside ransomware gang now has its own code of ethics.
There’s honour among criminals, just like in real enterprises. They claim to never attack medical companies, funeral services, educational institutions, non-profit organizations, or government companies.
To protect business data from ransomware attacks, here are the steps you can take:
- Install only applications obtained from reliable sources from official websites
- Always have fresh backup copies of your files, so you can replace them in case they are lost (e.g. due to malware or a broken device). Remember to store them, not only on the physical object but also in the cloud for greater reliability. Make sure you can quickly access them in an emergency
- Paying more attention to digital literacy inside the company. For example, by introducing cybersecurity awareness training for your employees
- Install all security updates as soon as they are available. Always update your operating system and software to eliminate recent vulnerabilities
- Carry out a cybersecurity audit of your networks and remediating any weaknesses discovered in the perimeter or inside the network
- Enable ransomware protection for all endpoints.
- Remembering that ransomware is a criminal offence. If you become a victim, never pay the ransom. It won’t guarantee that you will get your data back, but it will encourage criminals to continue their business. Instead, report the incident to your local law enforcement agency. Try to find a decryptor on the internet – you will find some available here.