Ransomware: Authorities fear evil is here to stay

Ransomware has not stopped worrying Internet users, and you only have to look at the news to see it: this week, a law firm working with victims of the Charlie Hebdo trial saw its data released by a ransomware group that had paralyzed its computer system during the summer. We can also cite the city of Annecy, which is fighting ransomware for the second time after a first attack in late 2020. These cases add to the long list of victims of this malware, whose activity has been particularly on the rise over the last two years.

Blurry figures, but obvious growth

Faced with this observation, a report from the Ministry of the Interior tries for the first time to assess the evolution of ransomware attacks targeting institutions and companies. The figures in this report are based on complaints registered by the police and gendarmerie in recent years in order to provide an overview of the threat, despite the gray areas that remain over the actual number of victims.

Thus, the Ministry of the Interior observes a 32% increase in cases of ransomware during the years 2019 and 2020, for an estimated total of between 1580 and 1870 complaints related to this type of attack between 2016 and 2020. In 2020 alone, the Ministry of the Interior estimates the number of complaints at between 380 and 460. These figures must be treated with caution, because victims of this type of attack do not always file a complaint. The report also analyzes the victims and finds that the companies most often targeted are those in the commercial, transport, hotel and restaurant sectors, which represent 23% of the registered victims. But this category of businesses represents a greater part of the economic fabric of the country, so they are mechanically more numerous in the count of victims. By contrast, the industrial sector, which represents only 7% of the industrial fabric, alone accounts for 15% of the identified attacks.

The other category of victims highlighted by the ministry’s report is the public administration sector, which accounts for 20% of registered victims and which experienced a three-fold increase in attacks during the 2019/2020 period.

0.3% of respondents

Given this, police action is struggling: the report indicates that of 1,870 procedures registered in the period from 2016 to 2020, only 6 defendants were registered in the police files, or 0.3% of all cases. However, the report’s authors recall that some long-term investigations do not indicate anyone involved until the case has been closed, but the figure remains eloquent.

Among the other reasons given to explain these difficulties in apprehending the perpetrators of the attacks, the authors of the report cite the growing specialization of the cybercriminal ecosystem, which complicates investigations, as well as the difficulties encountered in police cooperation in cases involving suspects located abroad, in countries that sometimes refuse to work with investigators.

Hypervisors in the crosshairs

ANSSI and its German counterpart have also chosen the topic of ransomware for their fourth joint report, proof that the issue is taken very seriously by the two cybersecurity agencies. This report, written in English, looks at the top recent trends in ransomware. The two agencies detail the different techniques used by attackers to infiltrate the computer systems of their victims, ranging from a simple phishing email containing malicious software, to the exploitation of poorly secured RDP (Remote Desktop Protocol) access, to supply chain attacks.

Among the developments pointed out by the authors of the report, the agencies highlight the rise of ransomware targeting VMware ESXi servers, a method called “hypervisor jackpotting” that aims to exploit flaws in this software, which is used to run virtual environments. The German BSI explains that it observed the use of ransomware targeting this type of software in the second half of 2020, attributed to the Defray777 ransomware, also known as RansomEXX.

More Charybdis than Scylla (and especially not both)

The other trend the report examines is the use of “leak sites”, websites generally hosted as Tor hidden services by ransomware groups to claim attacks and distribute stolen data. ANSSI explains that it had identified a total of 31 sites of this type in June 2021, compared to a few in 2019. While the Maze group is generally recognized as one of the first cybercriminal groups to have popularized this type of technique, the report recalls that it was not exactly the first: in May 2019, a few months before the appearance of the Maze group, the city of Baltimore already had to face similar threats after a ransomware attack on its services.

But the continued growth of leak sites confirms that these tactics are here to stay, even leading the report’s authors to consider that “data exfiltration could replace data encryption in the future.” As an example, the agencies recall recent cases in which the ransomware group Clop exploited flaws in Accellion FTA instances: in several cases, the cybercriminals did not bother to encrypt victims’ data and were content to demand ransoms in exchange for not releasing the data stolen through this channel. The agencies nonetheless welcome the efforts of the police in dismantling networks such as Egregor or Emotet, although in the latter case recent news shows that the end of the tunnel is still far away.
