Ransomware attacks are a unique challenge in today’s business environment.
They are extremely dangerous and unpredictable.
Although you know the perpetrators’ intentions are malicious, you will not know what they are until you are attacked.
You can do your best to avoid ransomware attacks by reviewing your Ransomware Preparedness regularly. You are fully aware, however, that only effective incident response will protect you.
While trying to strengthen your defences, you are simultaneously using Ransomware Tabletop exercises to practise what you will do if you’re attacked.
Ransomware protection and prevention continue to be a complex mix. However, one tried-and-true strategy will always work: Knowing your enemy.
This week, we will be focusing on 5 ransomware groups as part of our continuing series of educational blogs about ransomware protection.
Understanding their past attacks, motives, and methods can help us improve our ability to deal with them and similar criminals.
Famous Ransomware Groups
Pandora: Pandora was launched in March 2022 after successfully targeting several high-profile victims, including Denso Corp., the second-largest automotive parts supplier in the world.
Pandora typically infects files and locks them, leaving a note encouraging the victim to call them for the key. Pandora’s strategy is “double extortion”, in which the threat actor infiltrates and encrypts the victim’s sensitive information and then offers the decryption keys only after the ransom has been paid.
Many researchers believe Pandora may be a rebranding of Rook ransomware, as their tactics, techniques and procedures (TTPs) have a lot in common.
Ransomware groups often rebrand themselves or create new aliases when they are under scrutiny. Rook might have rechristened themselves as Pandora to avoid too much scrutiny.
LockBit ransomware: LockBit is a highly malicious program that seeks out vulnerable targets, spreads the infection across networks, encrypts data and identifies sensitive information. LockBit is usually used to attack larger businesses and government agencies rather than individuals.
BlackCat Ransomware: BlackCat is now widely acknowledged as a growing threat and a good example of the Ransomware-as-a-Service (RaaS) scourge.
BlackCat is also one of the few ransomware groups that use the modern programming language Rust. This allows it to evade traditional security solutions, which still have a lot of work to do in analyzing this language.
By 2022, BlackCat had already caused quite a few ripples. The ransomware attack on Moncler, an Italian fashion house, was one of the most well-known. Although the attack started late last year and ended in January, the ransomware group accessed the company’s data when the company failed to make the $3 million ransom payment.
Lapsus$: A teen-led ransomware organization, Lapsus$ has been implicated in several high-profile attacks. According to the ransomware group, it has breached Nvidia’s and Ubisoft’s systems, among others.
The group was most recently in the news for compromising Okta’s internal network and gaining access to the source code of Microsoft products Bing and Cortana.
Vice Society: Vice Society is ransomware that encrypts the victim’s data and gives decryption access only when the ransom is paid. Vice Society was targeting schools and government agencies in 2022.
The group attacked Missouri School and leaked sensitive information, including social security numbers, because the school didn’t pay enough ransom.
Similar data was also released on students and teachers of the UK’s Durham Johnston School. The school refused to pay the ransom.