Ransomware and the Top 5 Online Gangs
Ransomware attacks are increasing in all countries. Gangs are becoming more and more sophisticated and brazen: they no longer attack only domestic organizations and companies but operate openly around the world. REvil’s recent global ransomware attack on Florida-based software provider Kaseya is a case in point.
Ransomware attacks are growing exponentially in both scale and the size of the ransoms demanded. Understanding who these groups are and what they want is critical to bringing them down.
Here are the top 5 online gangs today.
Today’s Leading Online Gang – DarkSide
DarkSide is the group behind the May ransomware attack on Colonial Pipeline that crippled the company’s fuel distribution network, raising concerns about gasoline shortages.
DarkSide, which was released in August 2020, openly admitted that its malware was used by employees in the case of the Colonial Pipeline attack. The group has cast itself as a modern internet Robin Hood, making money from the rich and even donating to charity.
Ransomware platforms, like the one used in the Colonial Pipeline attack, often operate a double or triple extortion routine, charging both for the decryption key that unlocks the company’s files and servers and a ransom to destroy the stolen data.
The organization is part of a long-known criminal group in the cybersecurity world from Russia and the countries of the former Soviet Union, as well as from North Korea, China, Syria and Iran.
Today’s Leading Online Gang – REvil
Ransomware group REvil is currently attracting attention due to the ongoing Kaseya incident as well as another recent attack on global meat processing company JBS. This group was particularly active in the 2020-2021 period.
In April, REvil stole specifications for unreleased Apple products from Quanta Computer, a Taiwanese company that assembles Apple laptops. A ransom of $50 million was demanded to prevent the stolen data from being published. It is not yet known whether this amount has been paid.
Today’s Top Online Gang – Clop
Clop ransomware was developed in 2019 by a group of financial firms responsible for raising half a billion dollars.
The Clop group’s signature method is “double blackmail”. It demands a ransom from target organizations in exchange for a decryption key that will restore the organization’s access to stolen data. However, the targets then have to pay an additional ransom to keep the data from being made public.
Historical examples show that companies that pay a ransom once are more likely to pay again in the future. So hackers tend to target the same organization and ask for more money each time.
This could mean teaching someone how to combine Distributed Denial of Service (DDoS) attacks and ransomware to put pressure on the negotiations. Ransomware would prevent a company from working with past and current orders, while a DDoS attack would block all new orders.
Today’s Leading Online Gang – The Syrian Electronic Army
The Syrian Electronic Army has carried out online attacks to promote political propaganda since 2011. With this motive, they were called the warring group.
Although the group has ties to Bashar al-Assad’s regime, it is made up more of online citizens trying to act as a media outlet for the Syrian military.
Their technique is to spread fake news through reputable sources. In 2013, a single tweet they sent from the official account of the world’s leading news agency, the Associated Press, had the effect of wiping billions of dollars from the stock market.
Today’s Top Online Gang – FIN7
FIN7, another group based in Russia, is arguably the most successful online crime organization of all time. The group has been active since 2012 and mainly operates as a company.
FIN7 specializes in attacking companies in order to gain access to financial data or PoS infrastructure. The group runs sophisticated social-engineering phishing campaigns. For example, before sending malicious documents, they may exchange dozens of normal messages with their victims to lower their guard.
In most cases, the attacks use malicious documents with macros to install malware on the victim’s computer, and scheduled tasks to keep it running persistently. The malware then receives modules and executes them in system memory. In particular, we saw modules for crawling, downloading additional malware, taking screenshots, and storing another instance of the same malware in the registry (in case the first is detected). Of course, cyber criminals can create additional modules at any time.
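A defender-side illustration of the chain described above (a macro document followed by a scheduled task for persistence), added here as an example and not taken from the original article or from any vendor's rule set: it flags process-creation events in which an Office application is the parent of a command that creates a scheduled task. The event records and their field names (host, parent, image, cmdline) are constructed for this example.

```python
import ntpath
import re

# Office applications that open macro-enabled documents.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}

# A command line that invokes schtasks with /create registers a new task.
SCHTASKS_CREATE = re.compile(r"(?i)\bschtasks(\.exe)?\b.*?/create\b")

OFFICE = "C:\\Program Files\\Microsoft Office\\root\\Office16\\"
SYS32 = "C:\\Windows\\System32\\"

# Constructed process-creation events, not taken from any real incident.
# Field names are assumptions modelled on typical endpoint telemetry.
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": OFFICE + "WINWORD.EXE", "image": SYS32 + "schtasks.exe",
     "cmdline": 'schtasks.exe /Create /SC DAILY /TN "ExampleTask" /TR example.exe'},
    {"host": "ws-02", "parent": SYS32 + "svchost.exe", "image": SYS32 + "schtasks.exe",
     "cmdline": 'schtasks.exe /Create /SC DAILY /TN "BackupJob" /TR backup.exe'},
    {"host": "ws-03", "parent": OFFICE + "WINWORD.EXE", "image": SYS32 + "schtasks.exe",
     "cmdline": 'schtasks.exe /Query /TN "ExampleTask"'},
    {"host": "ws-04", "parent": OFFICE + "EXCEL.EXE", "image": SYS32 + "cmd.exe",
     "cmdline": 'cmd.exe /c schtasks /create /sc onlogon /tn "ExampleTask2" /tr example.exe'},
    {"host": "ws-05", "parent": OFFICE + "WINWORD.EXE", "image": "C:\\Windows\\splwow64.exe",
     "cmdline": "C:\\Windows\\splwow64.exe 8192"},
]


def basename(path):
    """Lower-cased file name of a Windows path, regardless of the host OS."""
    return ntpath.basename(path).lower()


def detect(events):
    """Return events where an Office parent spawned a task-creating command."""
    hits = []
    for ev in events:
        office_parent = basename(ev["parent"]) in OFFICE_PARENTS
        creates_task = SCHTASKS_CREATE.search(ev["cmdline"]) is not None
        if office_parent and creates_task:
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f'{hit["host"]}: {basename(hit["parent"])} -> {hit["cmdline"]}')
```

This rule covers only the direct child-process case; pairing it with task-registration auditing (Windows Security event 4698, "A scheduled task was created") gives coverage for tasks registered by other means.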
In early 2017, FIN7 was accused of being behind an attack on companies that had made records available to the US Securities and Exchange Commission. This confidential information was mined and used for ransom money, which was then invested in the stock market.