Ransomware gangs use methods similar to state-sponsored cyberattackers and have focused their targeting on more lucrative potential victims, according to cybersecurity researchers.
As ransomware gangs hit key victims such as a pipeline company and food producers in the first six months of 2021, cybersecurity firm Trend Micro said it observed that cyber attackers were turning into more criminal enterprises. mature whose attacks “appear to be attacks by nation-states”. [advanced persistent threat] attacks. “
“Cybercriminal groups have adopted more sophisticated business models and adopted new technologies to create effective and stealthy ransomware attacks,” says Trend Micro’s “2021 Midyear Cybersecurity Report”.
“These advanced attacks have certain characteristics that separate them from traditional ransomware activities: data exfiltration rather than simple encryption, covert online collaboration, extensive use of affiliate programs and targeting of APT-type victims, among others,” the security company reported on Tuesday.
Trend Micro said it saw significantly fewer ransomware threats in the first half of 2021 than in the first six months of 2020.
“Our data shows that over 7.3 million ransomware threats were detected in the first six months of 2021, almost half the number of detections we found during the same period in 2020,” indicates the report.
“Several factors may have contributed to this decline. First, it signals the shift to the more targeted modern ransomware that we have analyzed, which implies that attackers are moving from the less efficient, quantity-oriented ransomware model to hunting big game.
Other factors, according to Trend Micro, may have deterred cyber attackers, including governments around the world taking action against ransomware operations, attention to the DarkSide ransomware gang causing others to shut up, and threats stopped before. that they do not reach people.
Ransomware threats measured by Trend Micro included threats in emails, malicious files, and URLs.
Trend Micro isn’t the only company to see fewer ransomware threats in 2021. In its Q1 2021 report released in June, cybersecurity firm McAfee said it had seen “smaller” campaigns.
“More and more attackers have moved from massive campaigns to fewer but more lucrative targets,” McAfee’s June report read. “Most of these larger targeted victims received a personalized variant of the low-volume ransomware family. “
Some cybersecurity professionals believe that measuring ransomware threats is hampered by a given company’s limited view of the threat landscape and is diminished by poor information sharing.
Brett Callow, threat analyst at software company Emsisoft, said a key metric that matters for ransomware tracking is the number of successful attacks, which he said has been “fairly stable for quite some time.”
“Like legitimate businesses, cybercrime businesses produce as much as they can, but are limited by personnel and infrastructure limitations. The overall threat landscape and the volume of attacks are changing, but not quickly, ”Callow said in an email. “That said, ransomware does have a seasonal aspect, with the total number of global incidents increasing at certain times of the year. However, the peaks do not necessarily occur in the same months or quarters every year. The main thing is that fluctuations in numbers are perfectly normal. “
Fewer ransomware threats also don’t mean less danger and can actually mean the opposite. Successful ransomware gangs collected multi-million dollar payments in the first six months of 2021, while previous widespread attacks may have amassed lower returns from less funded victims.