Over the past few years, the methods cybercriminals use to distribute ransomware has changed dramatically. While a few years ago, they would spread encrypted files on a large scale, today, their ransomware attacks have become more focused. Now, fraudsters examine the target in detail and research each target, looking for additional leverage. Infamous ransomware gangs behave like a fully-fledged online service provider, using traditional marketing techniques. Kaspersky experts have identified five clear examples of this transformation, using the Darkside ransomware gang as an example.
Darkside actively establishes contact with the press. On their website, there’s a semblance of a press center set up to enable journalists to ask questions and receive first-hand information, and to learn about upcoming publications of stolen information in advance. In fact, DarkSide operators strive to get as much resonance in the networks as possible.
Ransomware groups collaborate with decryption companies. This is evident because many state-owned companies are prohibited from entering negotiations with cybercriminals. This has created a demand for such intermediaries, who provide legitimate data decryption services.
Darkside claims to donate part of their income to charity. Thus, they show those who do not want to finance crime, that some of their money will go to a good cause. However, some charities are prohibited from accepting illicit money, and such payments would be frozen.
The cybercriminals now carefully analyze stolen data and the market. Before publishing information, they study the contacts of the company and identify well-known customers, partners and competitors. Kaspersky experts state that the main purpose of this is to maximize target damage, to intimidate victims and to increase the chances of getting a ransom.
The Darkside ransomware gang now has its own code of ethics, just like real enterprises do. They claim to never attack medical companies, funeral services, educational institutions, non-profit organizations, or government companies.
“We’ve witnessed a massive transformation in how ransomware gangs play in the market nowadays. The only reason for this shift is their immense profit. Today, cybercriminals have more funds than ever before, which they can invest in market analysis, and work with partners, journalists, and charities. To defeat them, we need to cut off their financial flows, and namely, to stop paying ransoms,” comments Roman Dedenok, security expert at Kaspersky.
In order to protect business data from ransomware attacks, Kaspersky recommends:
Installing only applications obtained from reliable sources from official websites
Always have fresh back-up copies of your files, so you can replace them in case they are lost (e.g. due to malware or a broken device). Remember to store them, not only on the physical object, but also in the cloud for greater reliability. Make sure you can quickly access them in an emergency
Paying more attention to digital literacy inside the company. For example, by introducing cybersecurity awareness training for your employees
Installing all security updates as soon as they are available. Always update your operating system and software to eliminate recent vulnerabilities
Carrying out a cybersecurity audit of your networks and remediating any weaknesses discovered in the perimeter or inside the network
Enabling ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malware. It also prevents exploits, and is compatible with security solutions that are already installed
Remembering that ransomware is a criminal offence. If you become a victim, never pay the ransom. It won’t guarantee that you will get your data back, but it will encourage criminals to continue their business. Instead, report the incident to your local law enforcement agency. Try to find a decryptor on the internet – you will find some available at https://www.nomoreransom.org/en/index.html