BlueVoyant, the industry’s leading integrated, end-to-end internal and external cyber defense platform, announced its 2022 ransomware attack playbook series, comprising five mini reports that shed light on how ransomware attacks happen, why and what happens when they do, as well as the impact they have on various different stakeholders.
Also Read: KLDiscovery Introduces Nebula Singularity™ Global Subscription Service
Following a series of major ransomware incidents in 2021, BlueVoyant sought to demystify and explain some of the basic questions around ransomware attacks and the actors involved.
The BlueVoyant ransomware series launches on January 27 and kicks off with a series introduction before diving into “Ransomware Gangs,” charting how this form of attack started and then has become so prevalent in the cybercriminal economy. It traces the evolution of leak sites, ransomware-as-a service (RaaS) while exploring how this has fueled growth and how gangs and ransomware such as REvil, Maze, Darkside, Avaddon, Ryuk, WastedLocker and Netwalker have evolved in the underground economy.
Thomas Lind, Co-Head of Strategic Intelligence at BlueVoyant, said: “It is fascinating how those early ransomware innovations have now spawned a whole industry whereby gangs have structured themselves into businesses, creating their own ecosystem of partners and vendors who develop marketing campaigns and other initiatives, just like any other legitimate business.
“Now, the availability of RaaS has opened the market up to less skilled attackers, but we have also seen a shift away from unsophisticated tactics to longer-term approaches designed to deliver a far more substantial payoff. Attackers are identifying lucrative targets and devoting considerable effort to gaining undetected access to the network, exfiltrating data and gaining persistence sometimes months before they encrypt the organization’s systems and demand a ransom.”
Ransomware attacks have increased dramatically in the past couple of years, doubling and – in some instances – quadrupling in frequency. The playbook series highlights that according to the U.S. Department of Justice, approximately 4,000 ransomware attacks occur daily, and that number has grown annually over the past few years.
The surge in attacks has been fueled in part by the rise of the “triple extortion” ransomware technique, whereby attackers not only steal sensitive data from organizations but threaten to release it publicly unless a payment is made, while also targeting the organizations’ customers, vendors and business partners. But it is more than just a criminal enterprise of holding individuals and companies to ransom; it has become a tool for geopolitics, an issue for policymakers and a threat to the health and safety of citizens.
, authorities are ratcheting up pressure on organizations not to pay ransoms in a bid to try and cut off the attackers’ incentive. In 2021 the U.S. Department of the Treasury issued an advisory notice announcing that firms that engage with ransomware victims to facilitate ransom payments may be liable for prosecution if they pay groups that are subject to U.S. sanctions. However, so far this has had little success in slowing the onslaught since many of the attackers are not covered by sanctions.