Ransomware-based attacks, in which criminals block access to sensitive data and demand a ransom payment to release it, are becoming an increasingly sophisticated industry. Aimed at businesses large and small, attacks of this type involve large sums of money, which are used to increase the boldness and impact of these operations around the world.

According to Kaspersky, attacks of this type increased by 767% between 2019 and 2020, and the bigger the company, the more frequently attacks are attempted. An analysis of the actions of the DarkSide gang, which specializes in ransomware, shows five examples of how criminals are becoming increasingly sophisticated in making money illegally.

  1. Use of media contacts: in partnership with the DarkSide Leaks website, the group is publishing news about its actions and allowing journalists to inquire about future targets and stolen data. The idea is to attract more attention and increase fear among the public and the affected companies;
  2. Partnership with decryption companies: many victims of ransomware do not deal with criminals, but that does not mean that they do not come into contact with decryption companies and experts. DarkSide makes agreements with these external agents, providing them with access keys in exchange for part of the payment they receive through legitimate means;
  3. Pledge of donations: in a context in which Robin Hood is a figure admired by many, DarkSide tries to clean up its criminal image with the promise of allocating part of the ransoms obtained to charities. However, this does not change the fact that its activities are illegal, and many charities are prohibited from accepting illicit money. That is, even if payments are actually made by criminals, they will remain frozen;
  4. Declaration of ethical principles: DarkSide does not sell itself as a criminal group, but as an ethical entity that never attacks medium-sized companies, funeral services, educational institutions, NGOs or government companies. However, this ethical code is not always followed and provides a great deal of flexibility;
  5. “Business Analytics”: before demanding ransoms, the group carefully analyzes the stolen data to make the most of it. By studying the contracts and customers affected by the theft, for example, the criminals can contact those customers, or competitors, directly in order to show what has been obtained and increase the pressure on a company to pay the demanded ransom.

To avoid falling victim to the attacks, Kaspersky encourages companies to follow some recommendations:

  • Train employees to create awareness of good cybersecurity practices;
  • Perform frequent backups and store them in safe places, thus avoiding the loss of important data if it is held hostage by criminals;
  • Install only applications obtained from reliable and official sources;
  • Perform security updates as soon as they are made available by the developers;
  • Perform a cybersecurity audit on your network and correct any weaknesses discovered in the perimeter or within the network as soon as possible;
  • Enable protection against ransomware on all endpoints.

The company also warns that organizations affected by ransomware should not pay the demanded ransoms, no matter how dangerous the consequences may be. In the event of attacks and data theft, they should contact the responsible authorities and organizations specializing in cybersecurity to try to recover their data.

