Table of Contents Raas Groups Payment Rates Types of Ransomware Attack Vectors & TTPs Industries Impacted Following the FBI disruption of BlackCat ALPHV in Q4, a global Law Enforcement Agency (LEA) consortium also successfully disrupted the LockBit Ransomware-as-a-Service (RaaS) organization which included sanctions on two members of the LockBit organization. While neither of these operations have completely shuttered BlackCat or LockBit, the show of force by LEAs was effective in shaking the confidence of ransomware affiliates and RaaS developers. The actions demonstrated that threat acto ..read more

Table of Contents Ransomware Bans Payment Rates Types of Ransomware Attack Vectors & TTPs Industries Impacted As the year turns, and weary defenders begin to worry about what new threats will present themselves in 2024, the conversation of ransomware payment bans has resurfaced. This is not a new debate and resurfaces from time to time, so we decided to unpack this issue.  Why would a country consider a ban? The rational answer to this question is that a government would enact a ban because they truly believe the policy would minimize ransomware payments and compel cybercriminals to c ..read more

Table of Contents Scattered Spider Payment Rates Types of Ransomware Attack Vectors & TTPs In Q3 of 2023, several high profile attacks against the gaming industry and other large enterprises were carried out by “Scattered Spider”, aka UNC3944, aka Scatter Swine aka, Muddled Libra, aka Roasted 0ktapus aka possibly sometimes BlackCatALPHV or Rhysida, aka a group of globally distributed teenagers… Attribution is hard in this industry. While we are using a smidge of humor to draw attention to the dilemma, the reality is trying to fit these types of attacks into a perfect box for the sake of ap ..read more

Table of Contents Cyber Extortion Opportunity Cost Curve Types of Ransomware Attack Vectors & TTPs Industries Impacted In the second quarter of 2023, the percentage of ransomware attacks that resulted in the victim paying, fell to a record low of 34%. The trend represents the compounding effects that we have noted previously of companies continuing to invest in security, continuity assets, and incident response training. Despite these encouraging statistics, ransomware threat actors and the entire cyber extortion economy, continue to evolve their attack and extortion tactics. Understandin ..read more

Table of Contents Average Ransom Payment Types of Ransomware Attack Vectors & MITRE ATT&CK Tactics Industries Impacted Midway through Q1 the winds of progress shifted, and we observed a material increase in attacks on large enterprises that achieved levels of impact that we had not observed since before the Colonial Pipeline attack in May 2021. In 2019 and 2020 it was fairly common to see large enterprises become completely paralyzed by ransomware encryption. This evolved in the quarters that followed the Pipeline attack. We highlighted the key reasons for ransom payment contraction la ..read more

Table of Contents Average Ransom Payment Data Exfiltration Types of Ransomware Attack Vectors & MITRE ATT&CK Tactics Companies Targeted The cat and mouse game between ransomware affiliates and defenders spilled into new arenas of combat in Q2 of 2022. The looming question “What will happen once Conti disappears?” was answered rather quickly; nothing really changed except for name plates. The diaspora of Conti affiliates that was precipitated the Conti Leaks / Russian - Ukrainian invasion, were absorbed by existing and new Ransomware-as-a-Service (RaaS) groups such as Black Basta, Black ..read more

One of the critical components to addressing the problem of ransomware is data aggregation. A recently passed law, the Cyber Incident Reporting Act, provides a key element to data aggregation: mandatory incident reporting. The staff of the HSGAC has also performed some critical research into the topic by publishing two reports. One is a case study on the impact of ransomware attacks on US companies. The other focuses on the ransomware money laundering process and the use of cryptocurrency.  We had the opportunity to provide testimony and answer questions to the HSGAC recently. We have pos ..read more

Table of Contents Average Ransom Payment Big Shame Hunting Types of Ransomware Attack Vectors MITRE ATT&CK Tactics Companies Targeted No Silver Bullets, Just Pressure and Time In the fight against ransomware, there is no magic bullet or single solution that will fix ANY aspect of this problem. Much as there is no single way to secure a network, there is no single method to make the unit economics of cybercrime worse for attackers. This is a double edged sword. For constituents that are in this fight for the long haul, the complexity of the problem actually allows for many levers to be test ..read more

Before the start of the Russian / Ukraine war, there had been steady, yet fragile improvements to contract the scope of ransomware attacks. Law enforcement operations had been ramping up, with multiple arrests, disruptions and seizures. Even Russia had shown a glimmer of cooperation by arresting several high profile members of a notorious ransomware group.  Since the invasion of Ukraine, these trends have been overwhelmed by new warnings of direct cyber attacks from Russian State actors or targeted wiper attacks spilling out of the conflict. While these risks are very real, the socio-econ ..read more

Table of Contents Average Ransom Payment Data Exfiltration Types of Ransomware MITRE ATT&CK Tactics Attack Vectors Companies Targeted Costs of Attacks When the history books on ransomware are written, 2021 will be viewed as a red-letter year in the evolution of the fight against cyber extortion. Although there are no silver bullets in this fight,  it DOES feel like a number of positive developments have aggregated noticeable pressure on the rise of ransomware attacks. As discussed on prior write-ups, we attribute this to the confluence of four factors: The Biden Administration’s exe ..read more