Ransomware Forensics Research Reveals Cybercrime Tradecraft Secrets

Research into the tradecraft ransomware operators use to infect businesses offers organizations useful advice on how to avoid this increasingly common form of cyber attack. Ransomware attacks have increased at an alarming rate in recent years, as have the number of malware strains and other components involved. This proliferation may be due to the emergence of affiliate programs that employ low-skilled cybercriminals.

The basic scam, infiltrating a system and encrypting its data before extorting victims into paying for the decryption key, has become highly profitable, partly because of the increasing utility and value of cryptocurrencies, and a growing cybercrime ecosystem has evolved around it.

Setting the scene

Analytical research by Security Scorecard, presented at the VB2021 security conference last week, reports that 20 different ransomware families are threatening to publicly expose data belonging to companies that are unwilling to pay the ransom demanded by the cybercriminals.

Attackers typically use Tor domains to reveal the identities of the infected companies, and they also steal files before starting the encryption process. Researchers from the US-based Security Scorecard scoured Tor websites maintained by attackers for intelligence on attacks against victims who had not paid. The company looked at ransomware-related data leak websites and compiled a list of companies that had fallen victim to ransomware.

Happy families?

About 750 companies saw their data leaked as a result of a ransomware infection between March and May 2021, according to the work of the Security Scorecard team. Conti, Avaddon, and REvil were the families most commonly behind these leaks, but several other ransomware families were also involved.

The same researchers dug up unused command-and-control domains related to particular ransomware families in order to obtain a secondary source of data on active ransomware attacks. Ransomware infects systems through other malware families or exploit kits, exposed network services, software vulnerabilities, and spam campaigns that deliver malware-laden messages, among other techniques.

For example, Emotet malware infections are “strongly correlated” with ransomware infections, the researchers concluded after analyzing network traffic sent to malware command-and-control servers. Cobalt Strike, a legitimate penetration testing tool with dual-use capabilities, is frequently used by ransomware authors, according to Security Scorecard. “By correlating the victims of these malware families and exploit kits, the entities running these vulnerable services, as well as the entities that have poor email hygiene, with the victims of ransomware attacks, we can estimate the risk that these exposures have added to the likelihood of ransomware infection,” the firm said.

The Daily Swig has asked Security Scorecard a number of questions about its research, but we have yet to hear back from the researchers. We will update this story as more information becomes available.