OpenText today published a Nastiest Malware of 2022 report that highlighted how ransomware attacks are evolving into triple threats. In addition to encrypting and stealing data, many attackers now include a distributed denial-of-service (DDoS) attack when victims refuse to cave to ransom demands.
Specifically, the report identified the Lockbit ransomware gang as the main driver of this latest evolution of ransomware attacks. Lockbit is now the most prolific and successful ransomware group currently operating, the report noted.
However, OpenText also noted a resurgence of the Emotet ransomware gang after many of its affiliates were taken down by law enforcement officials.
Tyler Moffitt, senior security analyst for OpenText Security Solutions, said it appeared that the arrests of those Emotet affiliates was roughly equivalent to the arrest of low-level drug dealers on the street. More simply filled the vacancies without ever getting to the organized kingpins that recruited those affiliates and directed them to launch cyberattacks in the first place.
In fact, the report noted that ransomware groups never really disappear. Since being taken down, the Conti ransomware gang has now rebranded into multiple operations, most notably HelloKitty, BlackCat and BlackByte. Qbot, possibly the oldest info-stealing Trojan, still receives updates today, while Valyria has evolved from a banking Trojan into a difficult-to-detect malspam botnet with email attachments.
Finally, the report also noted that the ‘hacker holiday season’ that usually occurs between January and April of each year did not occur in 2022. In fact, there was an 1100% increase in phishing attacks during the first four months of 2022 compared to the same period the previous year. The downturn in the economy may have led to a spike in attacks that normally decline after cybercriminals enjoyed the fruits of their ill-gotten gains during the previous holiday season, noted Moffitt.
Many of the individuals involved in these attacks now also specialize in various aspects of crafting a multi-dimensional cyberattack, noted Moffitt. As a result, it’s become more challenging to permanently disrupt those attacks, because specialists in one area such as phishing can be easily replaced or realigned with other DDoS attack specialists, he added.
It’s not clear how well organizations can fend off DDoS attacks, but Moffitt noted smaller organizations are not as capable of coping with a DDoS attack that is specifically designed to cripple their digital operations. Ideally, most organizations should have a layered defense strategy in place capable of thwarting a multi-dimensional attack, he added.
In the meantime, the first line of defense remains end users who are trained to recognize phishing attacks, said Moffitt. End users need to be regularly trained to recognize these attacks to prevent malware from being injected into an IT environment. Of course, not every end user is going to be equally adept at recognizing phishing attacks, but the absence of any training increases the chances there will be a major attack that paralyzes the organization.
The one thing that is clear is that the volume and sophistication of ransomware attacks are becoming much more vicious with each passing day.