Scattered Ransomware Attribution Blurs Focus on IR Fundamentals
Coveware Blog
by Bill Siegel
1M ago
In Q3 of 2023, several high-profile attacks against the gaming industry and other large enterprises were carried out by “Scattered Spider”, aka UNC3944, aka Scatter Swine, aka Muddled Libra, aka Roasted 0ktapus, aka possibly sometimes BlackCat/ALPHV or Rhysida, aka a group of globally distributed teenagers… Attribution is hard in this industry. While we are using a smidge of humor to draw attention to the dilemma, the reality is that trying to fit these types of attacks into a perfect box for the sake of ap...
Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments
Coveware Blog
by Bill Siegel
4M ago
In the second quarter of 2023, the percentage of ransomware attacks that resulted in the victim paying fell to a record low of 34%. The trend represents the compounding effects that we have noted previously of companies continuing to invest in security, continuity assets, and incident response training. Despite these encouraging statistics, ransomware threat actors and the entire cyber extortion economy continue to evolve their attack and extortion tactics. Understandin...
Big Game Hunting is back despite decreasing Ransom Payment Amounts
Coveware Blog
by Bill Siegel
7M ago
Midway through Q1 the winds of progress shifted, and we observed a material increase in attacks on large enterprises that achieved levels of impact that we had not observed since before the Colonial Pipeline attack in May 2021. In 2019 and 2020 it was fairly common to see large enterprises become completely paralyzed by ransomware encryption. This evolved in the quarters that followed the Pipeline attack. We highlighted the key reasons for ransom payment contraction la...
Fewer Ransomware Victims Pay, as Median Ransom Falls in Q2 2022
Coveware Blog
by Bill Siegel
1y ago
The cat and mouse game between ransomware affiliates and defenders spilled into new arenas of combat in Q2 of 2022. The looming question “What will happen once Conti disappears?” was answered rather quickly; nothing really changed except for name plates. The diaspora of Conti affiliates that was precipitated by the Conti Leaks / Russian - Ukrainian invasion was absorbed by existing and new Ransomware-as-a-Service (RaaS) groups such as Black Basta, Black...
HSGAC Hearing Recap: Ransomware Attacks and Ransom Payments Enabled by Cryptocurrency
Coveware Blog
by Bill Siegel
1y ago
One of the critical components to addressing the problem of ransomware is data aggregation. A recently passed law, the Cyber Incident Reporting Act, provides a key element to data aggregation: mandatory incident reporting. The staff of the HSGAC has also performed some critical research into the topic by publishing two reports. One is a case study on the impact of ransomware attacks on US companies. The other focuses on the ransomware money laundering process and the use of cryptocurrency. We had the opportunity to provide testimony and answer questions to the HSGAC recently. We have pos...
Ransomware Threat Actors Pivot from Big Game to Big Shame Hunting
Coveware Blog
by Bill Siegel
1y ago
No Silver Bullets, Just Pressure and Time: In the fight against ransomware, there is no magic bullet or single solution that will fix ANY aspect of this problem. Much as there is no single way to secure a network, there is no single method to make the unit economics of cybercrime worse for attackers. This is a double-edged sword. For constituents that are in this fight for the long haul, the complexity of the problem actually allows for many levers to be test...
How the Russian/Ukraine war may lead to an explosion in Ransomware attacks
Coveware Blog
by Bill Siegel
1y ago
Before the start of the Russian / Ukraine war, there had been steady, yet fragile improvements to contract the scope of ransomware attacks. Law enforcement operations had been ramping up, with multiple arrests, disruptions and seizures. Even Russia had shown a glimmer of cooperation by arresting several high-profile members of a notorious ransomware group. Since the invasion of Ukraine, these trends have been overwhelmed by new warnings of direct cyber attacks from Russian State actors or targeted wiper attacks spilling out of the conflict. While these risks are very real, the socio-econ...
Law enforcement pressure forces ransomware groups to refine tactics in Q4 2021
Coveware Blog
by Bill Siegel
1y ago
When the history books on ransomware are written, 2021 will be viewed as a red-letter year in the evolution of the fight against cyber extortion. Although there are no silver bullets in this fight, it DOES feel like a number of positive developments have aggregated noticeable pressure on the rise of ransomware attacks. As discussed in prior write-ups, we attribute this to the confluence of four factors: The Biden Administration’s exe...
Ransomware as a Service Innovation Curve
Coveware Blog
by Bill Siegel
2y ago
As we enter 2022, the evolution of Ransomware-as-a-service (RaaS) continues to be a driving force in the growth and permanence of financially motivated ransomware attacks. As we think about where the RaaS model may go in 2022, it is important to take a look backwards at the history of RaaS through a traditional economic / innovation framework. As we have often discussed, RaaS developers and affiliates have many more behavioral similarities to rational business operations than to hardened criminals. Since RaaS operations traverse the same economic forces that legitimate business or industry...
Ransomware attackers down shift to 'Mid-Game' hunting in Q3 2021
Coveware Blog
by Bill Siegel
2y ago
As of publication we are well into National Cyber Security Awareness month and this past quarter has seen an unprecedented amount of domestic and international activity from government and law enforcement to counter the operations of ransomware actors. Despite these initiatives, ransomware actors continue peppering enterprises with more attacks than ever. What we are doing is not working, at least not yet. Why? The profits ransomware a...
