Ransomware

I’ve archived my previous work to update this section, but it’s important to look back to see patterns and historical context. A lot has happened in just a couple of years of rapid evolution.

  • Highly targeted attacks on corporations vs. ransoming individuals
  • Big Game Hunting – knowing how much that corporation can pay and scaling the demands higher
  • RaaS – Ransomware as a Service
  • Setting affiliates up for success with initial access brokering
  • The unholy trinity of cybercrime operators, Emotet, TrickBot and QBot, getting a stake in the game by delivering ransomware payloads
  • Ryuk: big targets especially hospitals and healthcare
  • Maze: the originator of the double extortion tactic of stealing data, then encrypting systems and threatening publication
  • Extortionist ransomware
  • Name & shame leak sites
  • Nation states get in on the action
  • The rise and fall and rebirth of groups: Ryuk/Conti, Maze/Egregor
  • Add some DDoS in there for extra incentive
  • OMFG Egregor

Going into 2021, the landscape has changed a bit. There were a couple of major takedowns, with NetWalker and Egregor removed for now. Both were prolific in their attacks. The Emotet botnet was also taken down. But time will tell how long that lasts, as TrickBot came back fairly quickly after its own disruption.

What should we expect this year? Ransomware operators will go where the money is, following the principle that pain pays. Expect to see more targeting of industry, manufacturing and refineries, where operational technology (OT) is used alongside IT and where downtime is damaging. These groups are also targeting law firms and legal services more, which is not surprising given how valuable that data is.