HomesecurityRansomware groups: How do they use collaboration platforms for their "businesses"?

Ransomware groups: How do they use collaboration platforms for their "businesses"?

Speaking at Black Hat Europe 2020, Mitchell Clarke and Tom Hall, chief security consultants at Mandiant, explored the evolving global ransomware threat landscape. Clarke and Hall stressed that cyber attacks are constantly evolving and becoming more and more complex. At the same time, hackers are demanding huge ransoms from their victims, while specializing and streamlining their ransomware strategies through collaboration platforms - presenting them as Ransomware-as-a-Service (RaaS) offerings. In other words, cybercriminals are targeting organizations and sell access in ransomware groups.

According to the speakers, ransomware teams usually exploit critical vulnerabilities to gain a foothold in as many as possible. networks victims and return after weeks or even months to take advantage of these steps to develop full-scale ransomware attacks.

Ransomware groups: How do they use collaboration platforms in their "businesses"?

Such collaboration platforms are "attractive" to them hackers, as they offer basic benefits, such as creation malware, communicating and negotiating with victims and, in some cases, processing payments as well as delivering decryption support services.

For example, the REvil is a Ransomware-as-a-Service company that appeared in the landscape of threats this year, having extracted large sums of money from organizations worldwide. REvil manages a Ransomware-as-a-Service platform - one platform with many different collaborators or other intruders involved to use the same malware and the same platform.

Ransomware groups: How do they use collaboration platforms in their "businesses"?

Mitchell estimates that ransomware will continue to be a major threat to organizations in 2021, with gangs demanding even greater ransoms from their victims. In addition, the consultant predicts that the number of ransomware victims will increase significantly, while the damage that will be called to repair the victim organizations as well as the blackmail for the leak of stolen goods will be escalated. data.

In particular, Mitchell stated the following: "We may reach a point where the only way to recover from an ransomware attack is to pay for it. ransom or have a good backup mechanism, which can be quite rare right now. "

Every accomplishment starts with the decision to try.