Last month, a report surfaced (source: The Hacker News) about the arrest of another Scattered Spider ransomware suspect in the UK. The 17-year-old suspect adds to the list of young cybercriminals involved in these sophisticated ransomware attacks.

Scattered Spider, a notorious ransomware hacking gang, made headlines after attacking the MGM Grand in Las Vegas last September. The hackers demanded a $30 million ransom, but MGM refused to pay and ended up spending $100 million to restore its computer systems.
As discussed in previous posts, this gang primarily employs social engineering tactics, such as impersonation, to trick company employees into divulging password credentials. This allows the hackers to gain unauthorized access to the victim’s computer data and operations.
A recent article in The Times titled “How to defend against cyber spiders holding firms ransom” sheds light on ransomware hackers’ four steps to increase pressure on their victims to pay up.
The insights shared by the head of intelligence at the UK’s National Cyber Crime Unit are particularly instructive.
Hackers’ Extortion Pressure: Four Steps
- Traditional Extortion: The victim’s computer is encrypted, locking them out of their data.
- Double Extortion: Hackers threaten to release the data unless a ransom is paid.
- Triple Extortion: The hackers contact the victim’s customers, informing them that their data has been stolen and may be disclosed if the company does not pay the ransom.
- Quadruple Extortion: A “denial of service” attack is executed to disrupt the victim’s operations further.
How to Combat the Threat
In response to these escalating threats, firms must adopt active defense strategies. As emphasized in The Times article:
“Firms need to be updating software, using strong passwords and multi-factor authentication, and ensuring that staff are aware and have training on things like phishing.”
“There’s a big human dimension to online security,” Lyne added. “If you’ve got negligence, sloppiness, or untrained people, then you’re as vulnerable as if you had no online security at all.”
Over three years ago, I wrote a post titled “Why Employees Must Be Hacker Detectors,” which stressed the importance of cybersecurity training. Here’s an excerpt:
Cyber Detection Training
What is the most effective defense against this type of cyber intrusion? Training.
Personnel must continuously be educated to recognize the signs of potential intrusion. In this short video, “Phishing Tricks Crooks Use to Make You Open Malware Email Attachments,” a cybersecurity expert explains, “People are the new perimeter.”
Malware Detection Proficiency Evaluation
I would argue that personnel should be evaluated, in part, on their ability to detect signs of potential intrusion and their response capabilities. If an employee does not test well, this should be considered.
What’s the benefit of having an employee who is a terrific worker if they cannot prevent devastating malware from entering your organization?
Employees need to become “hacker detection profilers.” Organizations can significantly bolster their security perimeter by training employees to recognize hacker activity indicators and maintaining persistent training.
As another cybersecurity expert noted in his video titled “EMOTET is Dead,” organizations should “really focus on behavioral detection as opposed to a signature-based approach, which bad guys are so well-schooled at avoiding nowadays.”
Final Thought
Non-attentive human behavior is the social engineering hacker’s bread-and-butter. To combat this, we must step up our game with continuous training. Training! Training! Training!