Ransomware attacks are on the rise, affecting businesses, governments, and individuals around the world. These attacks involve encrypting the victim’s data and demanding a ransom for its release, often threatening to expose or delete the data if the payment is not made. But who is behind these attacks, and what are their motives?
- REvil: This group, also known as Sodinokibi, is believed to be based in Russia or a former Soviet state. It is responsible for some of the largest and most disruptive ransomware attacks in recent history, such as those on meat processor JBS, IT firm Kaseya, and celebrity law firm Grubman Shire Meiselas & Sacks. REvil operates as a ransomware-as-a-service (RaaS) platform: the core group develops and maintains the malware and the payment and leak infrastructure, while affiliates break into victims, deploy the ransomware, and split the ransom with REvil. REvil also runs a leak site where it publishes data stolen from victims and negotiates with them. REvil’s ransom demands range from tens of thousands to millions of dollars, depending on the size and sensitivity of the target.
- DarkSide: Another RaaS group that emerged in 2020, DarkSide is also suspected of having ties to Russia or Eastern Europe. It gained worldwide attention in May 2021 when it attacked Colonial Pipeline, the largest fuel pipeline in the US, causing widespread gas shortages and panic buying. DarkSide claimed that it did not intend to cause such disruption and that it only wanted to make money. DarkSide also claimed that it had a code of conduct that prohibited attacking certain sectors, such as healthcare, education, and non-profits. However, these claims were met with skepticism by security experts and authorities. DarkSide shut down its operations shortly after the Colonial Pipeline attack, citing pressure from law enforcement and other hackers. However, some analysts believe that DarkSide may rebrand itself and resume its activities under a different name.
- Conti: Conti is another RaaS group that has been active since 2020. It is known for fast, multithreaded encryption that can lock files across many devices on a network within minutes of deployment. Conti also employs a double-extortion strategy, where it not only encrypts the victim’s data but also exfiltrates it and threatens to publish it online if the ransom is not paid. Conti has targeted various sectors, including healthcare, manufacturing, retail, and government. Some of its notable victims include Ireland’s health service (the HSE) and Broward County Public Schools in Florida. Conti’s ransom demands vary from $500,000 to $25 million, depending on the victim’s revenue and data value.
There are many more groups that operate with different names, tactics, and targets. Some of them may be affiliated with or sponsored by nation-states, while others may be independent or opportunistic criminals. Some of them may have ideological or political agendas, while others may be purely motivated by financial gain.
Ransomware attacks pose a serious threat to our digital security and resilience. They can cause significant damage to businesses and organizations by disrupting operations, compromising data, and harming reputations. They also affect individuals, who may lose access to personal files, photos, and documents. Moreover, they can have broader social and economic impacts, affecting critical infrastructure, public services, and national security.
Protecting yourself requires proactive and preventive measures. Some of the best practices that we recommend include:
- Backing up your data: Regular backups let you recover your files after a ransomware attack without paying. Because ransomware operators deliberately look for and encrypt or delete any backups they can reach, at least one copy should be kept offline or on immutable storage that is not connected to your network or the internet, and you should test restoring from it periodically so you know the backup is intact and not itself encrypted.
- Updating your software: Keeping your software updated can help you fix any vulnerabilities that may be exploited by ransomware attackers. You should install any patches or updates as soon as they are available for your operating system, applications, and antivirus software.
- Using strong passwords: Using strong and unique passwords can help you prevent unauthorized access to your accounts and devices. You should avoid using common or easy-to-guess passwords, such as your name, birthday, or pet’s name, and use a different password for every account; a password manager makes this practical. Change a password promptly whenever you suspect it has been exposed, rather than on a fixed schedule (current NIST guidance no longer recommends routine forced rotation).
- Enabling multi-factor authentication: Multi-factor authentication (MFA) can add an extra layer of security to your accounts and devices. MFA requires you to provide more than one piece of information to verify your identity, such as a password and a code from an authenticator app, a hardware security key, or a code sent to your phone or email. App- or key-based factors are stronger than SMS or email codes, which can be intercepted or phished. You should enable MFA for any account or device that supports it, especially for remote access (VPN, remote desktop) and for accounts that contain sensitive or valuable data.
- Being cautious with email: Email is one of the most common ways that ransomware attackers deliver their malware. You should be careful when opening any email attachments or clicking on any links, especially from unknown or suspicious senders. You should also avoid responding to any email that asks for your personal or financial information, as it may be a phishing attempt.
- Educating yourself and others: Being aware of the latest ransomware trends and threats can help you stay alert and prepared. You should follow reputable sources of information, such as CISA or NIST, that provide cybersecurity guidance and updates. You should also share your knowledge and best practices with your family, friends, and colleagues, and encourage them to adopt good cyber hygiene habits.
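The backup advice above only helps if the copy you restore from is clean. Ransomware that reaches a backup location encrypts the files in place or renames them, so a restore can fail silently. The following is an added example, not code from the article or from any of the groups it describes: it records a SHA-256 manifest at backup time (to be stored offline with the backup) and later verifies the backup against it, flagging files that were modified or added and, among those, files whose byte entropy is high enough to look encrypted. The directory layout, file names, the 7.5 bits/byte threshold and the simulated attack in `demo()` are all constructed for illustration.

```python
"""Verify a backup set against a known-good manifest and flag files that look
encrypted. Added example for the article's backup advice; the manifest format,
entropy threshold and sample files are assumptions, not anything from the text."""
import hashlib
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Assumed cut-off: uniformly random (or well-encrypted) data scores close to
# 8 bits/byte; text, office documents and most images score well below 7.5.
ENTROPY_THRESHOLD = 7.5


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: Path) -> dict:
    """Map each file (POSIX-style relative path) under root to its SHA-256.
    Run this when the backup is taken and keep the result offline with it."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the current backup set with the manifest.
    Returns lists of ok, modified, missing and unexpected paths, plus the
    subset of modified/unexpected files that look encrypted ("suspicious")."""
    result = {"ok": [], "modified": [], "missing": [], "unexpected": [], "suspicious": []}
    present = {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}
    for rel, expected in manifest.items():
        p = present.get(rel)
        if p is None:
            result["missing"].append(rel)          # renamed or deleted since backup
        elif sha256_file(p) == expected:
            result["ok"].append(rel)
        else:
            result["modified"].append(rel)         # content changed: check if it looks encrypted
            if shannon_entropy(p.read_bytes()) > ENTROPY_THRESHOLD:
                result["suspicious"].append(rel)
    for rel, p in present.items():
        if rel not in manifest:
            result["unexpected"].append(rel)       # e.g. *.locked files or ransom notes
            if shannon_entropy(p.read_bytes()) > ENTROPY_THRESHOLD:
                result["suspicious"].append(rel)
    return result


def is_restorable(result: dict) -> bool:
    """Only restore from a backup whose files all match the offline manifest."""
    return not (result["modified"] or result["missing"] or result["suspicious"])


def demo() -> dict:
    """Constructed scenario: three files are backed up and a manifest taken; then
    ransomware overwrites one file in place, encrypts and renames another, and
    drops a ransom note. Deterministic random bytes stand in for ciphertext."""
    rng = random.Random(1234)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_text("Quarterly report: revenue up, costs flat.\n" * 50)
        (root / "docs" / "notes.txt").write_text("Meeting notes, nothing sensitive here.\n" * 50)
        (root / "photo.bin").write_bytes(b"\x89PNG" + b"\x00" * 4000)  # low-entropy stand-in
        manifest = build_manifest(root)
        # Simulated attack: "encrypt" notes.txt in place, encrypt+rename report.txt, add a note.
        (root / "docs" / "notes.txt").write_bytes(bytes(rng.getrandbits(8) for _ in range(8192)))
        (root / "docs" / "report.txt").write_bytes(bytes(rng.getrandbits(8) for _ in range(8192)))
        (root / "docs" / "report.txt").rename(root / "docs" / "report.txt.locked")
        (root / "README_TO_RESTORE.txt").write_text("Your files are encrypted. Pay to decrypt.\n")
        return verify_backup(root, manifest)


if __name__ == "__main__":
    r = demo()
    for key, paths in r.items():
        print(f"{key:10}: {paths}")
    print("restorable:", is_restorable(r))
```

The entropy test is a heuristic, not proof: already-compressed or encrypted archives in a backup will also score high, and an attacker who only corrupts files or appends to them will not. The manifest comparison is the authoritative check, which is why the manifest must be stored where the ransomware cannot rewrite it along with the files.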
By following these cybersecurity best practices, we can reduce our risk of falling victim to ransomware attacks and enhance our digital security and resilience. However, we should also remember that no system or device is 100% secure, and that ransomware attackers are constantly evolving and adapting their techniques. Therefore, we should always be vigilant and cautious when using the internet and technology, and report any suspicious or malicious activity to the relevant authorities. Together, we can fight back against ransomware and protect our data and devices.