The world of cybercrime: the gangs behind ransomware attacks

The most worrying and prevalent cyber threat businesses have faced in the past 5 years have been ransomware attacks. In a recent report it was found that 37% of respondents had been hit with a ransomware attack in the past year. Unfortunately, these numbers are increasing year on year and, unless businesses have systems in place, they will likely fall victim to an attack at some point. 

This massive rise in ransomware attacks have been attributed to several high-profile ransomware gangs that distribute the malicious software to a network of affiliates to extort money from their targets. 

In this article we will delve into the world of cybercrime and explore the principal ransomware gangs, the future of cybercrime, and how businesses can avoid falling victim to a ransomware attack.

What is a ransomware attack?

Ransomware is a cyberattack that uses malware to encrypt a business’ data and hold them at ransom, not giving the encryption key until the ransom is paid. While the data is encrypted, employees are unable to access files, databases, IT systems or applications. This malware is designed to spread throughout a system, encrypting every file on a business’ network, often causing significant downtime. These attacks generally use a phishing email to initiate the exploit and malware infection. 

Hot off the press! Get our latest whitepaper on hybrid working and cyber security here >

The most prevalent ransomware gangs

The three most prevalent ransomware gangs are REvil, Conti and Darkside. REvil is a ransomware-as-a-service operation. They developed a ransomware toolkit and recruit affiliates to launch ransomware for them, taking a cut of the profits. This year they have been responsible for 13.5% of all attacks, including an attack on a company in Apple’s supply chain, Quanta. REvil stated that in 2020 they profited over $100 million from their ransomware attacks.

In 2021, Conti was responsible for 13.5% of all ransomware attacks. This gang has been operational since 2018 and in that time has been ruthless with their attacks, including attacks on the education sector and the Irish Healthcare system. The average Conti ransom payment is currently over $400,000 and incidents typically last over 15 days.

The third most prevalent ransomware gang is DarkSide. It is a relatively new group, but has swiftly risen in notoriety, being responsible for 11.5% of all ransomware attacks in 2021. What sets DarkSide apart from other ransomware gangs is their reputation for operating ‘ethically’ and once vowed never to target any public infrastructure. However, DarkSide was infamously responsible for the Colonial Pipeline attack earlier this year, not as ethical as they claim. The group is more professional than other ransomware gangs, and even has a customer service division to ensure its victims’ systems are restored correctly. 

The future of cybercrime

As ransomware continues to be a lucrative industry for cybercriminals, it is likely that these attacks will only become more prevalent. In the past year, more ransomware gangs have been working together to share tactics and ransomware toolkits. Some gangs are even working together to infect targets at the same time, in an attempt to receive two pay outs on the ransom.

A worrying trend of the past year is that ransomware gangs are not just targeting large enterprises and multinationals. SMEs are also a target. Although the ransom values may be less for a smaller business, these organisations are less likely to have comprehensive security, making them an easy target.

How to protect your business from ransomware attacks

To protect your business from a ransomware attack, the three primary concerns to address are update and patch management, email security and the implementation of a disaster recovery plan.

Most ransomware attacks work by exploiting vulnerabilities within software. Keeping all devices, software and antivirus protection up to date significantly reduces the chance of falling victim to an attack. Whenever an update is available, all employees should run them immediately, and there should be systems in place to ensure that employees do not postpone updates and patches for longer than necessary.

As most ransomware attacks start with a phishing email, emphasis should be placed on email security. Employees should have phishing awareness training to be able to spot a potential phishing attempt and be aware that they should not open an email or click on an attachment from an unknown sender. However, this should not be the only line of email defence. Solutions such as Mimecast Email Security can quarantine any potential phishing email, ensuring that it does not land in an employee’s inbox.

If a business does fall victim to a ransomware attack, it is important to have recent backups and a comprehensive disaster recovery plan in place. Although this does not stop the attack, it greatly reduces the amount of downtime after an attack. You can also avoid paying out a costly ransom if you are happy to revert to the most recent backup.

The past 5 years have shown that all businesses are at risk of a ransomware attack, regardless of size or industry. If your business doesn’t have security measures in place, now is the time to strengthen your security posture before the inevitable happens. If you want to find out more on how to keep your business safe from an attack, get in touch today.

We are ISO 27001 accredited!

Cloud Business has recently secured ISO 27001 accreditation. Find out more about this standard and the benefits to our customers in this article.

Cloud Business logo white
Microsoft Gold Partner Logo - Cloud Business

Cloud Business Limited
8 North Street
Guildford
GU1 4AF

2021 © Cloud Business Limited
Registered Company in England and Wales 06798438