Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Ransomware: These four rising gangs could be your next major cybersecurity threat

Friday, August 27, 2021

Categories: ASCF News Cyber Security

Comments: 0

Source: https://www.msn.com/en-us/money/other/ransomware-these-four-rising-gangs-could-be-your-next-major-cybersecurity-threat/ar-AANJoHB

 Image: Getty Hands typing on a laptop keyboard.

The ransomware threat is growing: What needs to happen to stop attacks getting worse?
Watch Now
Cybersecurity researchers have warned of four emerging families of ransomware that could pose a significant cybersecurity threat to businesses.

Ransomware remains one of the key cybersecurity threats facing businesses around the world as cyber criminals try to compromise networks and encrypt them to demand ransom payments, which can amount to millions.

This lure of potentially easy money attracts cyber criminals of all levels towards ransomware, from specialist ransomware gangs who keep the malware for themselves, to ransomware-as-a-service groups who lease out their illicit product to low-level malicious hackers who want to get in on the action.

In recent months, some significant ransomware operators have seemingly disappeared. But that doesn't mean that ransomware is any less of a problem – new groups are emerging to fill the gaps.

Cybersecurity researchers at Palo Alto Networks have detailed four upcoming families of ransomware discovered during investigations – and under the right circumstances, any of them could become the next big ransomware threat.

One of these is LockBit 2.0, a ransomware-as-a-service operation that has existed since September 2019 but has gained major traction over the course of this summer. Those behind it revamped their dark web operations in June – when they launched the 2.0 version of LockBit – and aggressive advertising has drawn attention from cyber criminals.

According to researchers, LockBit has compromised 52 organisations around the world since June. Perhaps most notably, criminals using LockBit compromised Accenture, although the company was able to restore from back-ups without needing to pay a ransom.

The rise of LockBit hasn't gone unnoticed, as Australia's Cyber Security Centre has posted an alert warning organisations about the threat.

But LockBit isn't the only form of ansomware that's on the rise – AvosLocker ransomware first appeared in July and offers a ransomware-a-as-service scheme that includes the operators taking care of negotiating ransoms.

The group has compromised several organisations around the world, including law firms in the United States and the United Kingdom. Like other ransomware groups, AvosLocker leaks stolen data if a ransom isn't paid.

Ransom demands following AvosLocker attacks are relatively low for ransomware in 2021, standing at between $50,000 and $75,000. But unlike many other ransomware groups that demand a payment in Bitcoin, AvosLocker asks for it in Monero – a cryptocurrency designed to be anonymous. Monero isn't as high-value as Bitcoin, but the added anonymity means that it's more difficult to trace cyber criminals who use it.

Another new player in the ransomware market is Hive ransomware, which was first seen infecting organisations in June 2021. The attackers behind it also leverage stolen data and double extortion to coerce victims into paying the ransom.

In total, Hive has so far claimed 28 victims – including healthcare providers – in attacks that have the potential to disrupt patient care. This sort of cavalier attitude to the wellbeing of the general public could make Hive a dangerous ransomware threat.

The fourth emerging threat detailed by researchers is a twist on an established form of ransomware. Hello Kitty ransomware first appeared in December 2020 and primarily targeted Windows systems. Now, researchers have identified a new version of Hello Kitty that targets Linux systems, opening a whole new platform for cyber criminals to target.

"Ransomware not only is after Windows systems – now with the Hello Kitty variant targeting ESxi, they are trying to get a whole different market that wasn't explored before," Doel Santos, threat intelligence analyst at Unit 42, Palo Alto Networks told ZDNet.

Organisations around the world have been targeted with this variant of Hello Kitty, which alters ransom demands depending on the target. The criminals have demanded as much as $10 million in Monero from one victim – although the operators are also open to accepting payment in Bitcoin.

The rise of these ransomware groups just goes to show that, even as established groups seemingly disappear, new players rise to take their place. Many of these will adopt the tactics and techniques of successful ransomware outfits that came before them to make attacks as effective as possible.

"Many more prevalent groups paved the way for these smaller groups to emerge, giving them a business model to follow to carry out operations. That's another reason why we see these emerging ransomware groups leverage double extortion approaches, which has become the standard since Maze ransomware," said Santos.

No matter what type of ransomware cyber criminals are using, it represents a major threat to businesses. To help protect networks from falling victim to ransomware attacks, it's recommended that security patches are applied in a timely manner to prevent criminals exploiting known vulnerabilities. Multi-factor authentication should also be applied to all users to provide an extra barrier to attacks exploiting stolen or leaked usernames and passwords as an entry point.

It's also recommended that businesses regularly update and test their backups – and store them offline – so if the network does fall to a ransomware attack, there's the ability to restore it without having to pay the ransom.

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.