The Top 5 Ransomware Groups to Be Aware Of


Ransomware attacks hold a unique place among the issues a modern organisation has to deal with.

They cause a great deal of harm and are almost completely unpredictable.

Even though you know the attackers have harmful objectives, you won't fully understand what those intentions are until after you have been attacked.

By regularly assessing your ransomware preparedness, you can make every effort to thwart ransomware attacks. Even while investing your resources in prevention, you remain fully aware that excellent incident response is likely to be the only thing keeping you safe once an attack gets through.

In other words, while you do your best to strengthen defences, you also practise, through ransomware tabletop exercises, what you will do if you come under attack.

As ransomware prevention and protection become an increasingly complex mix, knowing your enemy remains a tried-and-true tactic.

This week, as part of our continuing series of informative posts on ransomware prevention, we're concentrating on the five main ransomware organisations currently causing havoc around the world.

Knowing who they are and understanding their prior attacks, motives, and tactics can move us one step closer to combating them and other criminals who behave similarly.

Five renowned ransomware groups

  • Pandora:

After successfully hitting a number of high-profile targets, including Denso Corp., the second-largest global supplier of automotive parts, Pandora entered the public eye in March 2022.

Pandora typically infects and locks the victim's files, then leaves a note urging the victim to contact it for the decryption key. Researchers describe Pandora's strategy as "double extortion": the threat actor steals and encrypts the victim's sensitive data and provides the decryption key only after the ransom is paid.

Numerous experts also think that Rook ransomware may have been rebranded as Pandora, because of the similarities between their tactics, techniques, and procedures (TTPs).

Ransomware gangs frequently rebrand or create new identities when they attract too much attention. If Rook did change its name to Pandora, that is the most likely reason.

  • LockBit Ransomware:

LockBit is a highly malicious piece of software that locates weak points in a network's defences, spreads to other systems, and encrypts data on all of them. Rather than individual targets, LockBit is typically employed for highly focused attacks on larger corporations and governmental agencies.

LockBit was first identified in 2019 under the name ".abcd virus", after the file extension it used when encrypting a victim's data.

In 2022 alone, LockBit has launched significant attacks against the French Ministry of Justice, the American tyre giant Bridgestone, and the French electronics multinational Thales Group.

  • BlackCat Ransomware:

BlackCat best exemplifies the plague of ransomware-as-a-service (RaaS), now generally recognised as a growing menace.

BlackCat is one of the few ransomware families written in the modern programming language Rust. This makes it harder to detect, especially for older security tools whose analysis of Rust binaries is still immature.

In 2022, BlackCat has already had a significant impact. One of the most well-known BlackCat ransomware attacks targeted the Italian clothing brand Moncler. Although the attack started late last year, the ransomware organisation disclosed the company's data in January of this year after Moncler declined to pay the $3 million ransom demanded.

An alleged BlackCat attack in February 2022 seriously damaged the German energy companies Oiltanking and Mabanaft. When the systems of the two sister organisations were compromised, 233 petrol stations around Germany were affected. In an internal report, the Federal Office for Information Security (BSI) stated that the BlackCat ransomware organisation was responsible for the attack.

  • Lapsus$:

This ransomware organisation, purportedly led by teenagers, is thought to be responsible for several recent high-profile attacks. The group claims to have infiltrated companies including Samsung, Ubisoft, and Nvidia.

It most recently gained attention for breaching the internal network of Okta, a provider of authentication services, and for accessing the source code of the Microsoft products Bing and Cortana.

Because Okta's services are used by numerous businesses and customers all around the world to secure their identities, the size of this breach and its potential effects were considerable. The group uploaded screenshots to demonstrate that it had gained access to customer data and to brag about its ability to change passwords and access admin panels; it did not, however, expose the company's important data.

In the Microsoft case, the gang allegedly exposed 40 GB of Microsoft's data. Microsoft affirmed that no customer code or data had been compromised and underlined that it does not in any way rely on the secrecy of its code to reduce risk.

Since their attacks entail data theft and threats of leaks if ransom payments are not made, many researchers and security experts prefer to refer to Lapsus$ as an extortion group.

  • Vice Society:

This ransomware group encrypts its victims' data and only provides the decryption key when the ransom is paid. In 2022, Vice Society has targeted numerous government and educational institutions.

After attacking Missouri School, the organisation released private data, including employee social security numbers, apparently because the ransom demand was not satisfied.

Similar methods were used to disclose the personal information of teachers and students at Durham Johnston School in the UK when the institution declined to pay a ransom.

The Italian city of Palermo was most recently added to Vice Society's list of victims. Because all internet-based services had to be shut down to mitigate the damage, this attack affected 1.3 million residents and visitors in the city.

Conclusion

Even though this list only scratches the surface of awareness of ransomware groups, it serves as a reminder that these organisations are becoming more numerous and sophisticated with each passing second. Additionally, the growth of ransomware-as-a-service makes it possible for anyone with even the most basic skills to download a kit online and launch an attack on your company.

The purpose of this article is to emphasise the urgent need for organisations to increase their ransomware readiness, not to incite fear. A ransomware readiness assessment is a fantastic place to start if you want to find out exactly where you stand in terms of technological and training preparedness.

We also offer ready-to-use materials, including a Ransomware Readiness Checklist that addresses 9 essential topics; using it can help you become more prepared right away.

Training workers on how to respond to ransomware should be a top priority today. As the cases above show, the likelihood of your company or organisation being compromised is very high.

Given these recent occurrences, it's critical that your IT staff and incident response team understand how to respond quickly and minimise damage when cybercriminals attack. For quick reference in chaotic situations, download and print our Ransomware Response Workflow and Ransomware Response Checklist.
