Ransomware operators are banding together, says Cyber Threatscape report

Published: Friday, 18 September 2020 09:07

Positive Technologies has released its most recent Cyber Threatscape report, an analysis of Q2 2020 cyber incidents. The report says that there is increasing evidence that ransomware operators have started cooperating with each other.

In the second quarter of 2020, the number of attacks increased by 9 percent compared to the first quarter — and by 59 percent compared to the second quarter of 2019. April and May 2020 were record-breaking in terms of the number of successful cyber attacks, probably ‘the result of epidemiological and economic turmoil’. Significant world events consistently lead to increases in cyber crime, providing fertile ground for social engineering attacks. Among social engineering attacks in Q2 2020, 16 percent capitalized on the COVID-19 pandemic (compared to 13 percent in Q1). More than a third (36 percent) of such attacks did not target a specific industry, 32 percent targeted individuals, and 13 percent were aimed at government institutions.

The report shows that manufacturing and industrial companies are receiving a significantly larger share of attacks than before. Among attacks on organizations in Q2, such companies were targeted in 15 percent of cases, compared to 10 percent in Q1. Ransomware operators and cyber espionage APT groups are among those who seem to be the most interested in industrial companies.

Positive Technologies analyst Yana Avezova said: "Ransomware is one of the fastest-growing varieties of cyber crime. Groups now routinely threaten victims with publication of data if the victim fails to pay up. To sell the stolen data, many ransomware operators create special data leak sites where they publish a list of victims and the stolen information. Others publish the data on hacker forums. The operators of LockBit and Ragnar Locker went even further, teaming up with the ‘industry leader’ Maze. The Maze operators now publish data stolen by other groups on their data leak site. Together, the groups have formed the so-called Maze cartel."
