Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Sophos report. Show all posts
Sophos report
ALPHV Black Cat ransomware group Cyber Attacks PR charm tactic Ransomware Groups Sophos report

Ransomware Groups are Using PR Charm Tactic to Put Pressure on Victims to Pay Ransom


Recently, ransomware groups have been increasingly adopting newer tactics, one of them being the transparent, quasi-corporate strategy with the media, with the benefits of building pressure on the victims to pay ransom. 

According to a report, released this week by Sophos X-Ops, ransomware groups like Royal, the Play and RansomHouse were seen engaging with journalists. This partnership is dubious, however advantageous to both the parties: hackers expose their victims or, in some high-profile cases, amend the record, while reporters receive scoops directly from primary (but untrustworthy) sources.

According to Christopher Budd, director of threat intelligence for Sophos X-Ops, "This shows that they're true hackers[…]Now they're trying to hack the information sphere, as well as the technical sphere."

Cybercriminals in Corporate Clothing

These days, ransomware organizations provide channels for direct connection that are not limited to victims. In addition to the typical "Contact Us" forms and PR-focused Telegram channels, useful resources and FAQs are available to support them.

The ultimate idea is: that by broadcasting their deeds in the news, these threat actors put public pressure on the victims, further pressurizing their suppliers, customers, etc. 

The threat actors often imply this idea in ransom notes. For example, Sophos recently analyzed a ransom note published by the Royal ransomware group, stating how "anyone on the internet from darknet criminals ... journalists ... and even your employees will be able to see your internal documentation" if the ransom deadline was not achieved. 

Attackers Playing Analysts

However, not all ransomware groups are joining hands with the media with the same humour. Groups like Clop ransomware and LockBit interacted more antagonistically with the outside world.

And while it appears petty or posturing at times, these conflicts are occasionally handled professionally.

For instance, in response to initial reports containing purportedly incorrect information about the MGM attack, ALPHV published a 1,300-word statement. 

Budd says, "In trying to assert their authority and take their claim, they actually published what amounts to threat research — the type of stuff that security companies do. And they provided some fairly objective, detailed technical explanation about the actions they had taken."

He notes that the ALPHV statement felt like something a security firm would publish. He observed that ransomware groups are “consciously adopting some of the principles” that security companies use daily.

Read more »
Sophos report
Cyber Attacks cybercriminals Cybersecurity Ransom Payment Ransomware recovery cost Retail Industry security measures Sophos report

Report: Retailers Face Challenges in Coping with Ransomware Attacks

 

In a disconcerting revelation, a recently released report suggests that retailers are finding themselves increasingly outmatched in the ongoing battle against ransomware operators. Conducted by cybersecurity experts Sophos, the survey enlisted the perspectives of 3,000 IT and cybersecurity leaders from small and medium-sized businesses (SMBs) and enterprises worldwide, with a particular focus on 355 respondents hailing from the retail sector. 

The findings are rather sobering, indicating that a mere 26% of retailers were successful in thwarting a ransomware attack before succumbing to having their valuable data encrypted. This figure represents a noticeable decline from the preceding year's 28%, and even more starkly from the 34% recorded two years prior.

Chester Wisniewski, the Director of Global Field CTO at Sophos, sounds a cautionary note, deeming the survey a resounding wake-up call for organizations within the retail industry. His message is clear: retailers must urgently fortify their security measures in the face of the escalating ransomware threat.

The report also sheds light on the protracted recovery process faced by victims who opt to meet the ransom demand. Among those who acquiesced, the median recovery cost, excluding the ransom payment itself, surged to four times that of those with a functional backup, reaching a staggering $3 million compared to $750,000. 

Approximately 43% of victims opted to pay the ransom, prompting Wisniewski to caution against shortcuts, underscoring the imperative of rebuilding systems to prevent cybercriminals from reaping the rewards of their malicious activities.

While there is a glimmer of optimism for retailers in the report - the percentage of firms targeted by ransomware threats dropped from 77% to 69% compared to the previous year - the recovery times have taken a hit. The proportion of companies able to recover in less than a day dwindled from 15% to a mere 9%, while those grappling with recovery periods exceeding a month increased from 17% to 21%.

Ransomware, as the report highlights, typically gains entry through the actions of unwitting employees, such as downloading malware or inadvertently providing attackers access to crucial endpoints. 

Consequently, the report underscores the critical importance of comprehensive employee education regarding the perils of cyberattacks. In addition to fostering employee awareness, safeguarding against ransomware necessitates strategic measures such as regular backups of critical systems and data, coupled with the implementation of robust endpoint protection services. The call to action is clear - retailers must fortify their cybersecurity defenses comprehensively to navigate the evolving threat landscape successfully.
Read more »
Subscribe to: Posts (Atom)