School’s in Session: 3 things to learn from the Ransomware 'Renaissance'!
Welcome to ‘The Friendly Hacker’ newsletter - the latest in cybersecurity analysis and insights. I'm Keren Elazari, your friendly neighborhood hacker & tour guide, here to take you through this brave new world. This month’s newsletter is a Back-to-School Special: Decoding the Ransomware Renaissance!
PS: For my upcoming speaking engagements check out the list at the end :)
Welcome to the Ransomware Renaissance: an era where cyber crime innovations are outpacing our defenses and criminals can re-invent their business model on a daily basis. This year, ransomware groups proved to us they are moving faster than ever, taking a no-holds-barred approach. In fact, 2024 might be the best year ever for ransomware groups, with several very high-profile attacks that had huge payouts, like a $75 million payment from an unknown victim to the secretive Dark Angels ransomware group. These criminal groups specialize in “big game hunting” - going after global, larger businesses, healthcare and critical infrastructure, as those are likely to pay higher ransoms.
This year also saw some major law enforcement actions against Lockbit and BlackCat, but it seems to have done little to stop the ransomware tide:
The FBI is still searching for Dmitry Yuryevich Khoroshev: the alleged kingpin of Lockbit’s ‘Ransomware-as-a-Service’ Empire. Meanwhile, BlackCat successfully resurrected their operations in February 2024 with a hefty $22 million ransom from Change Healthcare - and then proceeded to scam their own affiliates in March 2024.
And while the top cats are plotting their return on the scene (perhaps with another rebrand), groups like Cl0p, Play, RansomHub and Akira are bolder than ever as they fiercely compete for a piece of the ransomware pie. This ‘churn’ and fragmentation is also incentivizing criminals to be more creative and clever, thus fueling the next wave of the renaissance. So what CAN we learn here? Here are 3 lessons to be more prepared for the future:
Go FAST or go home: speed of exploitation is a key factor in the success of many criminal ransomware campaigns, like Cl0p & Akira, who have been known to pounce on their targets, turning vulnerabilities into working exploits and active ransomware campaigns within days and sometimes even HOURS.
So what? So we HAVE to move faster in order to patch or protect against exploits weaponizing newly discovered vulnerabilities. One way to do that is to use tools like CISA’s KEV to prioritize critical patching!
AI is helpful (for baddies): criminals aren’t shy or hesitant to use AI to automate and accelerate attacks, creating more effective malware and more elaborate, well-written and personalized phishing campaigns. So we need to fight FIRE with FIRE - use AI and automation wherever possible, to help uncover threats, identify phishing emails and stop malware from spreading. To do that well? We need to understand how AI can help defenders. Here’s a good place to start..
Continuous product evolution - Ransomware players, and in particular Ransomware-as-a-Service platforms, are constantly offering new features to their affiliates, like improved encryption algorithms that use ‘intermittent encryption’ for faster deployment and new evasion techniques, and they even invest in improving and updating their “customer support” to better facilitate ransom payments and decryption. The lesson here is that we need to ADAPT and do things differently, learn about new tools and technologies, and come up with ways to leverage the existing tools we have in creative ways! Here’s one creative project I like: finding source code re-use by bad guys and using that as a defensive toolset!
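One way to put the first lesson into practice, as an added example that is not part of the original newsletter: match scanner findings against the KEV catalog and patch the entries with known ransomware use first. The catalog sample, host names and CVE IDs are constructed placeholders; the field names follow CISA's KEV JSON catalog.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON catalog.
# The CVE IDs are placeholders, not real catalog entries.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "dueDate": "2024-08-22",
   "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0002", "dueDate": "2024-07-31",
   "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Constructed scanner output: (host, CVE) pairs; host names are hypothetical.
FINDINGS = [
    ("web-01", "CVE-0000-0002"),
    ("vpn-01", "cve-0000-0001"),   # scanners differ in letter case
    ("db-01", "CVE-0000-0003"),    # not listed in the KEV sample
    ("web-01", "CVE-0000-0001"),
]

def prioritize(findings, kev, today):
    """Order findings: KEV with known ransomware use, other KEV, then the rest."""
    index = {v["cveID"].upper(): v for v in kev["vulnerabilities"]}
    ranked = []
    for host, cve in findings:
        cve = cve.strip().upper()
        entry = index.get(cve)
        if entry is None:
            ranked.append({"host": host, "cve": cve, "tier": 3,
                           "due": None, "overdue_days": None})
            continue
        due = date.fromisoformat(entry["dueDate"])
        known = entry.get("knownRansomwareCampaignUse") == "Known"
        # overdue_days is negative while the KEV due date is still ahead.
        ranked.append({"host": host, "cve": cve, "tier": 1 if known else 2,
                       "due": due, "overdue_days": (today - due).days})
    # Within a tier, the earliest KEV due date comes first.
    ranked.sort(key=lambda r: (r["tier"], r["due"] or date.max, r["host"]))
    return ranked

if __name__ == "__main__":
    for r in prioritize(FINDINGS, KEV_SAMPLE, date(2024, 9, 1)):
        print(r["tier"], r["host"], r["cve"], r["due"], r["overdue_days"])
```

In real use, replace `KEV_SAMPLE` with the catalog JSON published by CISA and `FINDINGS` with your scanner's export.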
If you’d like to learn more about these topics, and hear me speak LIVE, sign up for FREE to some of my upcoming talks for some fresh content 📗 🍏:
September 5: CloudBound online - Speaking about using AI for cybersecurity
October 10: MSPGlobal “Insights From A Hacker” - Live & in person at PortAventura, Barcelona
And where will you go? What are your plans for the fall season and 2025?
Let me know :)
PS: Coming up in next month’s newsletter - Why are cyber criminals more aggressive than ever in 2024? And what surprises will Halloween bring? I’ll share my insights in October :)