How Ransomware Groups are like Businesses

This week’s cyber news looks behind the scenes into ransomware groups and how they operate. And surprisingly, they resemble successful businesses. See the 4 ways they resemble below.

Thanks to all 1400 subscribers! If you like receiving the cyber news every week, be sure to show your support by sharing this article. It helps a lot!

A Ransomware Emerges After…Taking a Break…

An old ransomware gang reappeared and targeted Russia. Named OldGremin, the ransomware group has been inactive for over a year. However, at the end of March, they launched two successful phishing campaigns. Apparently the ransom requested from victims was as high as $3 million. (BleepingComputer)

Thoughts: Great reminder that if a ransomware group can take a break, so can everyone else, especially people in IT.

The “Most Successful” Ransomware Group Has Salaried Employees

Ransomware group Conti came out as pro-Russia. As a result, it is believed that an act of revenge is what led to revealing details about the hacker group. The group recently emerged in 2020. Since then, they have “made” $2.7 billion in cryptocurrency. They are known to be the most successful ransomware group. And probably because they have a HR Department, performance reviews and recognition to the “employee of the month.” With 350 members, it is actually believed that some employees don’t even know they are working for a ransomware group.

“Alarmingly, we have evidence that not all the employees are fully aware that they are part of a cybercrime group,” said Lotem Finkelstein, the head of threat intelligence at Check Point Software Technologies. “These employees think they are working for an ad company, when in fact they are working for a notorious ransomware group.” (CNBC)

Thoughts: They have an org chart. My mind is blown! They’re more organized than many legitimate businesses I have come into contact with.

Brief Decline in Ransomware Attacks in January and February

According to the stats, there are only 143 recorded victims in January of this year. This is a decline in comparison to November 2021 when there were 359 victims. Let’s look at why this might be. It is said that many ransomware groups are based in Russia-Ukraine area. Therefore, the war shifted their focus for a while. Apparently, dips in ransomware attacks are normal around the holidays. (TheRecord)

Thoughts: It is said that many companies used the holiday break to strengthen / increase their cyber resilience. Noting that ransomware groups have “busy” phases and “down” periods, is helpful to know for the average company. Based on this article, companies should be spending at least the end of every calendar year bolstering their cyber security measures.

Big Ransomware Groups Take Over the Landscape in Q1

LockBit 2.0 and Conti are responsible for over half of the ransomware attacks in Q1 of 2022. LockBit 2.0 accounted for 38% of all ransomware attacks and Conti were responsible for 20%. That means only two ransomware groups are behind over 50% of all ransomware attacks. (zdnet)

Thoughts: Like in every industry, there are “big players” that outdo / overshadow their competition.

‍