Ransomware crews investing in custom data stealing malware

July 10, 2024 at 06:08AM

Ransomware groups are moving beyond encrypting data and demanding payment toward stealing sensitive information with custom-built malware. A Cisco Talos report describes the key tactics in play and profiles 14 prominent ransomware groups, noting the goals and activities that distinguish each. These groups rely on double-extortion tactics, and some now supply bespoke data-exfiltration malware to their affiliates. They gain initial access to target networks through social engineering and infostealer malware, and they invest heavily in defense evasion once inside.

The report makes clear that there has been a significant shift in the behavior of ransomware groups, with many now focusing on stealing valuable data in addition to encrypting it. Cisco Talos highlights the emergence of new ransomware groups and their distinct goals and operational structures. Some of the more established ransomware-as-a-service operations are now developing custom-built malware for data exfiltration, a sign of a move toward more targeted cybercriminal activity.

The report identifies 14 ransomware groups selected on the basis of the volume and impact of their attacks. These groups employ double-extortion tactics and develop custom-built malware for data exfiltration. Talos names BlackByte and LockBit as two groups that offer custom-built data exfiltration tools to their affiliates.

The typical modus operandi of these groups is to gain initial access to the target network through social engineering, network scanning for exposed services, or infostealer malware. Once inside, they establish persistence, steal valuable data, and only then encrypt systems. The report also stresses defense evasion tactics used to extend dwell time in victim networks, in particular disabling or modifying antivirus and endpoint-detection tools before the exfiltration and encryption stages.
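The tampering step described above is one of the more detectable parts of the chain, because turning off Defender, adding exclusions, or stopping an EDR service leaves a process-creation record. The following is an added example, not code from the Cisco Talos report or the article: a small rule-based detector for common antivirus/EDR tampering commands (MITRE ATT&CK T1562.001, Impair Defenses: Disable or Modify Tools), run over a handful of constructed Windows process-creation log lines. The flat key=value log format, the host and user names, the list of security product service and process names, and the sample lines themselves are all assumptions made for illustration; real telemetry such as Sysmon Event ID 1 or Windows Security 4688 would be parsed the same way once normalized into a command-line field.

```python
"""Added example: rule-based detection of AV/EDR tampering in process-creation logs.

Not from the Cisco Talos report. Log format, product names and sample lines are
constructed assumptions for illustration only.
"""
import re
from typing import Dict, List, Optional

# Constructed process-creation log (assumed flat key=value format with the full
# command line in cmd="..."). Lines 1-5 are tampering attempts; lines 6-7 are
# benign look-alikes that a naive keyword match on "Defender" or
# "DisableRealtimeMonitoring" would wrongly flag.
SAMPLE_LOG = r"""
2024-07-09T14:02:11Z host=WS-17 user=CORP\jdoe pid=4412 parent=cmd.exe cmd="powershell.exe -nop -w hidden Set-MpPreference -DisableRealtimeMonitoring $true"
2024-07-09T14:02:14Z host=WS-17 user=CORP\jdoe pid=4420 parent=cmd.exe cmd="powershell.exe Add-MpPreference -ExclusionPath C:\Users\Public"
2024-07-09T14:02:20Z host=WS-17 user=CORP\jdoe pid=4431 parent=cmd.exe cmd="reg.exe add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\" /v DisableAntiSpyware /t REG_DWORD /d 1 /f"
2024-07-09T14:02:33Z host=WS-17 user=CORP\jdoe pid=4450 parent=cmd.exe cmd="sc.exe stop WinDefend"
2024-07-09T14:02:40Z host=WS-17 user=CORP\jdoe pid=4458 parent=cmd.exe cmd="taskkill.exe /f /im MsMpEng.exe"
2024-07-09T15:10:02Z host=WS-03 user=CORP\helpdesk pid=9012 parent=explorer.exe cmd="powershell.exe Get-MpComputerStatus"
2024-07-09T15:11:45Z host=WS-03 user=CORP\helpdesk pid=9020 parent=explorer.exe cmd="powershell.exe Set-MpPreference -DisableRealtimeMonitoring $false"
"""

# Parser for the assumed log format. Greedy .* in cmd="..." tolerates escaped
# quotes inside the command line.
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+pid=(?P<pid>\d+)'
    r'\s+parent=(?P<parent>\S+)\s+cmd="(?P<cmd>.*)"$'
)

# Each rule: (name, regex over the command line, ATT&CK technique for triage).
# Patterns require the *disabling* value so that re-enabling commands and
# read-only status queries do not fire. Product service/process names are an
# illustrative subset, not an authoritative list.
RULES = [
    ("defender_realtime_off",
     re.compile(r"Set-MpPreference\s+.*-DisableRealtimeMonitoring\s+(\$?true|1)\b", re.I),
     "T1562.001"),
    ("defender_exclusion_added",
     re.compile(r"Add-MpPreference\s+.*-Exclusion(Path|Process|Extension)", re.I),
     "T1562.001"),
    ("defender_registry_disable",
     re.compile(r"reg(\.exe)?\s+add\s+.*Windows Defender.*DisableAntiSpyware.*\b1\b", re.I),
     "T1562.001"),
    ("security_service_stopped",
     re.compile(r"\b(sc(\.exe)?\s+(stop|delete)|net(\.exe)?\s+stop)\s+\"?"
                r"(WinDefend|Sense|SentinelAgent|CSFalconService)\b", re.I),
     "T1562.001"),
    ("security_process_killed",
     re.compile(r"taskkill(\.exe)?\s+.*/im\s+\"?(MsMpEng|SentinelAgent|CSFalconService|ekrn)(\.exe)?", re.I),
     "T1562.001"),
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the event fields for one log line, or None if it is malformed."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def scan(log_text: str) -> List[Dict[str, str]]:
    """Run every rule over every parsable line; one finding per (line, rule) hit."""
    findings: List[Dict[str, str]] = []
    for line in log_text.strip().splitlines():
        event = parse_line(line)
        if event is None:
            continue  # in production, count malformed lines rather than drop them silently
        for name, pattern, technique in RULES:
            if pattern.search(event["cmd"]):
                findings.append({**event, "rule": name, "technique": technique})
    return findings


def hosts_with_tampering(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per host; several hits on one host in minutes is the
    pre-encryption signature the report describes, not an admin one-off."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["host"]] = counts.get(f["host"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for f in hits:
        print(f'{f["ts"]} {f["host"]} {f["user"]} {f["rule"]} ({f["technique"]}): {f["cmd"]}')
    print("per-host tampering counts:", hosts_with_tampering(hits))
```

On the constructed log, the five tampering lines on WS-17 each match exactly one rule, while the two helpdesk lines on WS-03 (a status query and a command that turns real-time monitoring back on) produce no findings. The per-host count is the useful pivot: a burst of several distinct tampering techniques from one user on one host within a couple of minutes is exactly the dwell-time pattern the report attributes to these groups, and is worth alerting on even when any single command might be legitimate administration.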

It is worth noting that infostealer malware is highlighted as a common way of obtaining legitimate account credentials, which are then sold on the dark web as credential dumps. A stolen password on its own should not be enough to get into a network, which is why the report's findings underline the importance of multi-factor authentication on remote access and administrative accounts.

Overall, the report describes a significant evolution in the tactics and techniques of ransomware groups: more targeted data theft, custom tooling for exfiltration, and deliberate defense evasion to maximize their impact inside victim networks.
