Sunday, November 24, 2024
HomeMalwareRansomware Operators Partner With Hackers to Attack High profile Organizations

Ransomware Operators Partner With Hackers to Attack High profile Organizations

Published on

Let’s first get the old news out of the way. Ransomware is a hornet’s nest. Well, now to the latest news. Ransomware operators are now partnering with hackers to attack high profile organizations.

What is Ransomware?

Ransomware is a method whereby cybercriminals unethically gain remote access to an organization/user’s system, prevent the data from being accessed and demand a hefty ransom for the organization/user to regain access to their data.

Over the past few months, a horde of organizations ranging from hospitals to schools to corporations have been battered by incessant ransomware attacks.

- Advertisement - SIEM as a Service

Once an organization’s security has been compromised, the organization very often has little option but to cough up the ransom. The lack of sufficient repercussions has caused new groups of attackers to sprout all over the place.

Ransomware-as-a-service (RaaS) crews have grown exponentially over the years. There are now a group of attackers whose very names are synonymous with RaaS and strike fear in the hearts of the organizations.

To add to this, there are also now several challengers to the throne who have risen stronger, having learnt from their past mistakes.

An area which has for long remained an enigma is now having some light shed on it where the Ransomware operators looks to partner with the hackers.

Tier 3: The New Kid on the Block

As can be seen from the below table, the newer crews hardly have any noteworthy accomplishments to date and neither do they run a blog of their attacks.

NameDate DiscoveredNotable IncidentsMarkets SoldBlog
CVartek.u45Mar-20NoneTorumNo
ExorcistJul-20NoneXSSNo
GothmogJul-20NoneExploitNo
LolkekJul-20NoneXSSNo
MuchloveApr-20NoneXSSNo
NemtyFeb-201XSSYes
RushJul-20NoneXSSNo
WallyFeb-20NoneNulledNo
XINOFJul-20NonePrivate Telegram channelNo
Zeoticus1.0 Dec. 2019, 2.0 Sept 2020NoneXSS/Private channelsNo

Tier 2: The Challengers to the Throne

 They have been linked to quite a few confirmed attacks and have managed to name and shame the victims who refuse to pay a ransom.

NameDate Discovered Attack claimsMarkets SoldBlog
AvaddonMar-20 Under 10ExploitYes
ContiAug-20 142PrivateYes
ClopMar-20 Over 10N/AYes
DarkSideAug-20 Under 5ExploitYes
Pysa/MespinozaAug-20 Over 40N/AYes
RagnarDec-19 Over 25ExploitYes
RanzyOct-20 1Exploit & XSSYes
SunCryptOct-19 Over 20MazafakaYes
ThanosAug-20 Over 5RaidNo

Tier I : The Powerhouses

These are variants that are responsible for a large number of attacks. These variants have raked in millions of dollars in ransoms.

DoppelPaymer – Has been around since 2019. Florence City in Alabama was affected by this a couple of months back and has been covered in detail here.

Eregor/Maze – The crew behind Maze recently announced the shutting down of their operations having wreaked havoc on IT giant Cognizant’s security systems earlier in the year.

Netwalker – First detected in September 2019, and has gained prominence very rapidly since then. It has recently resorted to using phishing emails levergaign the fear of COVID-19 to install it’s malware in the victim’s system.

REvil – First detected in April 2019, and it is one of the most active crews in recent history, taking credit for attacks on UK based financial service provider Travelex and several other entertainment and media based firms.

Ryuk – The name that strikes fear in every organization’s hearts. This year, Ryuk has threatened the US healthcare sector in a massive way

Will the new kids on the block be just a thorn in the side or end up becoming a powerhouse eventually? Will the challengers to the throne overthrow the current powers or just be swatted aside? One can only wait and watch.

You can also read the complete ransomware mitigation checklist

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as...

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by...

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in...

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in...

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to...

Raspberry Robin Employs TOR Network For C2 Servers Communication

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade...