Ransomware 3.0: Cybercriminals Go ‘All-In’ to Steal

February 8, 2022

INTRO
We’re one full month into 2022 and one thing is clear: it isn’t radically different from 2021. Whether you’re talking about pandemic response, supply chain volatility, or labor/skills shortages, last year’s business challenges are still here. But in some cases, like with cybersecurity, things are even more complicated. It’s not just an “IT problem” anymore. Cyberattacks threaten the livelihoods and reputations of CEOs, board members, and senior management.

In 2021, ransomware developers began partnering with well-organized threat groups to customize their attacks. Holding systems hostage is still a tactic, but now it’s one of many. In this new era, threat actors are going ‘all-in’ (to borrow a poker term) to wring every last cent out of organizations like yours.

RANSOMWARE 3.0 – OLD FOUNDATION, NEW TACTICS 
The initial goal is to gain access. Typically, that means one or more of the following approaches:

  • Social Engineering – deceiving someone on your team into believing the attacker is trustworthy and should be let in
  • Unpatched Software – exploiting vulnerabilities in internet-accessible software to enter
  • Password Attacks – guessing passwords manually using human intelligence, using sophisticated password-cracking applications, and/or purchasing stolen passwords

Once the hackers have access, their focus shifts to achieving persistence. That means gaining access across the network and establishing additional pathways in. Even if their initial entry point is shut down, they can’t be removed easily.

The next phase is brand new. The infiltrators get smart. They research the company, its assets, biggest clients, procedures, and power structure. They learn how money flows. They identify where the most valuable personal information lives. They observe internal emails to see if anything embarrassing or private is being shared.

From there, they review their options on how best to victimize their target:

  • diverting company funds directly into their own accounts.
  • impersonating employees and launching social engineering campaigns.
  • exfiltrating (stealing) data and selling it on the dark web, culminating in identity theft or extortion.
  • misusing/selling the company’s computer infrastructure for crypto-mining, adware, or even outsourced computer storage.
  • launching DDoS (Distributed Denial-of-Service) attacks designed to cut off access.
  • blackmailing or harassing employees with stolen information.
  • using the company’s infected systems as a base of operations to send spam emails or launch new attacks.
  • threatening even more pain and inconvenience unless their demands are met.

As long as they have access, this new breed of cybercriminals will shift between techniques until everything of value has been taken.

HOW CAN AN MSP HELP?
Most IT departments in the US lack the staffing and resources to handle and respond to cyber incidents. Outsourcing your cybersecurity to a Managed Services partner is the most effective way to protect your money, data, and reputation. But not all MSPs are created equal.

We prioritize our clients’ security by:

  • leveraging cutting-edge tech like CyBlok SIEM and MDR/XDR to monitor for anomalies and vulnerabilities.
  • regularly patching and updating software.
  • proactively scanning the dark web for vulnerabilities.
  • fostering a security-first culture, which includes password management, two-factor authentication, and staff training and testing.
  • managing identity and access, which includes quickly shutting off access for terminated staff.
  • implementing a comprehensive data backup strategy, including off-site backups which cannot be disabled by malicious actors.
  • following a detailed incident response plan if a breach does occur.
  • assisting with compliance needs, including cyber liability insurance requirements.
  • baking security into every recommendation and justifying the cost as it compares to a successful breach.

SUMMARY
Ransomware 3.0 is the next step in the evolution of cybercrime. It may be difficult to tackle yourself, but don’t lose hope. By picking an MSP with the right expertise, you can layer on measures that drastically reduce the likelihood that you’ll be bankrupted by a successful attack.

For a limited time, TCG Network Services is offering a complimentary cybersecurity evaluation to businesses of all sizes. To find out if you qualify or to learn more about Ransomware 3.0, contact us today.
