The power of brand in ransomware
A recent report from Telus noted that ransomware “attackers are strategic adversaries who perform detailed reconnaissance before launching attacks. They gather information about financials and insurance coverages to gauge the ability of a victim to pay a certain amount.…
Sourced from the study which can be downloaded from www.telus.com/RansomwareStudy. (Registration required)
We noted from various sources this week that ransomware companies were not only strategic in their thinking, but they also clearly understood the how important brand image is. In today’s world of ransomware, your brand may help to make you a victor or a victim.
What’s next? 30 minutes or free?
A recent article from SLATE made the case that ransomware as a business really began in 2015 when the gang behind the SamSam ransomware began offering “prompt, reliable customer service to its victims.” The article goes on to point out that “when a SamSam decrytor didn’t decrypt a network, victims would receive a polite apology from the group that just moments ago was threatening to annihilate their entire business.” Further, a fully functioning tool would be waiting in their inbox the next day.
Charles Carmakal, chief technology officer of cybersecurity firm Mandiant, was quoted as saying that “providing something akin to five-star customer service for their victims changed the game for ransomware operations.”
The early days, according to Evan Wolff, a lawyer specializing in cybersecurity, were characterized by “low-value targets, low payments and low degrees of confidence. When victims gave in and paid for a decryption tool (about $40,000 to $100,000), they would only get back 50 per cent of their networks.”
Today, according to Carmakal, victims are more likely to be fully restored. They are also less likely to suffer data leaks and are “buying a guarantee that all their trade secrets would stay out of competitors’ hands, that they wouldn’t incur the wrath of regulators and clients for failing to secure their personal information, that their private internal communications wouldn’t end up on tomorrow’s front page.”
This attention to “customer service” and reputation for reliability, along with a much more careful researching of their “customer’s” ability to pay has leveraged this “industry” and raised the ransom demands from the tens of thousands and into the millions.
The article raises a question. The success of these “big brands” has led to what can only be described as franchising, where other hacker groups rent or lease the tools and reconnaissance and then let other players do the actual ransoming and, presumably, take the great risk of being caught and prosecuted. Will these “franchisees” and new “independent operators” be as brand conscious? Will the large “brands” try to regulate or enforce behaviours? Will there be conflicts? Will companies get caught in the crossfire and double extorted?
Sourced from an article in Slate.com
Fool me twice?
Publishing giant Nikkei revealed that their Singapore headquarters was hit by a ransomware attack on May 13, 2022. They took immediate action, according to their press release, which notes “unauthorized access to the server was first detected on May 13, prompting an internal probe,” and further that, “Nikkei Group Asia immediately shut down the affected server and took other measures to minimize the impact.”
The company noted that it was investigating what, if any, customer data had been affected by the attack. They also issued an apology to their customers.
Nikei is the media group that acquired the Financial Times in 2015. It has four million print and digital subscribers and 40 affiliate companies in publishing, broadcasting and other media businesses.
Sadly, this is not the first highly publicized attack that the group has suffered. Two years ago, the company lost millions when a group of scammers, posing as Nikkei executives, tricked an employee in their New York office into making a wire transfer for US$29 million to a bank account controlled by the scammers.
Sourced from an article in Bleeping Computer
Go big or stay home? Conti gang takes on Costa Rica
Returning to our theme of big brands and bigger targets, the Conti ransomware gang has taken on the government of Costa Rica and is pressuring it to pay a multi-million-dollar ransom. According to Cyber Security Today, the gang “claimed it is working with people inside the government. It also threatens to break into more IT systems and overthrow the government through cyber attacks.
While an Associated Press report quoted experts as saying that overthrowing the government is likely the gang’s goal, it does seem that the Conti gang feels it has the “brand” to be able to take on a national government.
Sourced from the podcast Cyber Security Today