Why it matters: As ransomware remains a prevalent security threat, an important step in countering attackers is identifying their methods. Security researchers found that several of the most prolific groups share a significant proportion of their tactics, potentially making them more predictable.
A new report from security company Kaspersky reveals that eight of the most active ransomware gangs operate with very similar patterns. Analysts, digital forensics specialists, and other security staff could use these similarities to identify and fight these attackers more efficiently.
The report analyzes the tactics, techniques, and procedures (TTPs) of the ransomware groups Conti/Ryuk, Pysa, Clop (TA505), Hive, Lockbit 2.0, RagnarLocker, BlackByte, and BlackCat. VentureBeat notes that these eight gangs have attacked over 500 organizations in various industries in the US, the UK, and Germany within the last year. Kaspersky built an interesting chart listing dozens of steps in ransomware attacks and indicating which attackers use each step. None of them are unique to one group.
For instance, all of the groups like to start by attacking external remote services, while only half also open with phishing. All of the gangs tend to favor targets like Windows Management Instrumentation, command and scripting interpreters, application layer protocols, web protocols, signed binary execution, and others.
Common steps like preventing system recovery or encrypting the most impactful data seem obvious. However, some of the least prevalent tactics involve BITS jobs, lifting account credentials from password stores, or getting them from web browsers.
Early in June, a Foxconn facility in Mexico suffered an attack from Lockbit 2.0. Other recent ransomware victims include QNAP, Asustor, and Nvidia.