Ransomware by the numbers – This Week in Ransomware for the week ending Sunday, July 24, 2022 | IT World Canada News

Ransomware the primary threat

Ransomware was identified as the primary threat that companies are now facing, according to respondents in a recent report from Palo Alto Networks Unit 42. The report notes:

“84 per cent of IT teams saw ransomware as representing a significant or very significant risk. Other threats posed included: unpatched vulnerabilities and firmware attacks on laptops (83 per cent), data leakage (82 per cent), account/device takeover (81 per cent), targeted attacks and man-in-the-middle attacks (79 per cent), IoT threats (77 per cent), and printer firmware attacks (76 per cent).”

The report notes three trends in ransomware:

  1. Victim shaming is on the rise, with over 35 gangs using a variety of techniques ranging from “leak sites” to threats of publicity on social media. This technique is less than two years old but appears to be part of the mainstream of ransomware attacks.
  2. Ransomware as a Service is also growing, which fuels a large potential growth in the number of attackers. It allows specialized groups or gangs to develop the software and even to have the infrastructure to take payments and leak data, but allows almost anyone with even limited resources and technical skills to mount an attack.
  3. Ransomware attackers are exploiting zero day vulnerabilities more and more. The report notes 42 different zero day vulnerabilities in major exploits in 2021. Since a zero day vulnerability is one that a vendor has not identified or provided a patch for, the sophistication of the research that these groups are doing is impressive and threatening.

The full report can be downloaded at this link (registration required).

Three user responses – Apathy, Frustration and Circumvention

If an engaged and educated user population is one of the best defences against ransomware, the statistics from a report from HP Wolf Security paint a dismal picture. The stats are organized into three categories – apathy, frustration, and circumvention.

One statistic alone should set off alarm bells. One third of those surveyed admitted to attempts to bypass security. That is, however, only one of many alarming numbers in the report:


  • 39 per cent of office workers surveyed aged 18-24 were unsure of the existing data security policies in place at their work
  • 36 per cent of office workers surveyed were given training on how to protect their home network
  • 54 per cent of office workers surveyed aged 18-24 were more worried about deadlines than exposing the business to a data breach

  • 48 per cent of office workers surveyed aged 18-24 thought security policies are a hindrance
  • 37 per cent of office workers surveyed said security policies and technologies are too restrictive
  • 48 per cent of office workers surveyed said security measures result in a lot of wasted time

  • 31 per cent of office workers surveyed aged 18-24 had tried to bypass security

We know that most cybersecurity breaches require an action, an omission or a mistake on the part of an employee. That has led to a much greater emphasis on employee training. Unfortunately, despite all of these efforts, little progress appears to have been made. According to these results, employees view cybersecurity as an impediment and not a protection for their business.

The number of new ransomware variants is climbing

The number of new variants in ransomware is growing at an alarming rate. Last week we discussed new variants, including Lilith and omega, as well as some “upgrades” to existing variants. This week, two new major ransomware threats were identified.

One, called Luna, is part of a new trend of ransomware that can encrypt devices running multiple operating systems – Windows, Linux and ESXi systems.

Discovered by Kaspersky security researchers via a dark web ransomware forum ad spotted by the company’s Darknet Threat Intelligence active monitoring system, Luna ransomware appears to be specifically tailored to be used only by Russian-speaking threat actors. That, and the name “Luna”, which is Russian for “moon”, makes it likely that this has been developed and spread from Russia.

While the researchers noted that this variant appears to be still “under development”, with what they termed “limited capabilities”, the cross-platform nature of this ransomware presents a new kind of threat.

The group developed their software in Rust, which allows it to be ported to multiple platforms with very little change to the source code. The researchers noted that “both the Linux and ESXi samples are compiled using the same source code with some minor changes from the Windows version. The rest of the code has no significant changes from the Windows version.”

Using a cross-platform language not only makes it spread more easily, but may enable it to evade automated static code analysis.

Kaspersky says there is very little data on what victims, if any, have been encrypted using Luna ransomware, given that the group has just been discovered and its activity is still being monitored.

Holy Ghost

The Hacker News published a piece on a North Korean group that has been linked to ransomware attacks targeting small businesses since September 2021.

The group calls itself H0lyGh0st after the ransomware of the same name. It was identified by the Microsoft Threat Intelligence Center and labeled as DEV-0530 under new and developing threats. It aims primarily at small-to-midsize businesses including manufacturing, banks and financial organizations, schools, and even other segments like event and meeting planning companies.

The group is reputed to try not only to encrypt data, but also to threaten companies with release of data on social media.

Holy Ghost is seeking amounts between 1.2 and 5 bitcoins, placing the average ransom somewhere between US$30,000 and US$50,000. It’s an amount that would be possible for a small business to pay. Whether this pricing strategy will work is an open question, as researchers couldn’t identify any payments made to the group’s cryptocurrency wallet.

Their dark web portal mirrors messaging from an earlier ransomware called Goodwill, in that it says it is to “close the gap between the rich and poor” and “help the poor and starving people.”

The group is active and growing, and researchers have identified four variants of the H0lyGh0st ransomware.
