security

Ransomware leaks have bred a new generation of cybercrime gang – Tech Monitor


Malicious source code leaked from established cybercriminal enterprises like LockBit and Babuk is breeding a new generation of rough and ready ransomware gangs, says a new report from Cisco Talos. According to a new report from the threat intelligence team, code that has been dispersed across dark web forums has been detected in dozens of cyberattacks against companies perpetrated by criminal enterprises that are sometimes only weeks old. Such leaks, the report argues, ‘are having a significant effect on the threat landscape, making it easier for novice or unskilled actors to develop their own ransomware variants without much effort or knowledge.’

https://blog.talosintelligence.com/code-leaks-new-ransomware-actors/
Leaked malicious code directly contributing to more RaaS gangs using code they couldn’t create themselves. (Photo by IanRedding/Shutterstock)

Dragon’s teeth

Ransomware is not easy to build. Indeed, writing software designed to evade complex corporate cybersecurity defences, exfiltrate data and then automatically demand a payment for its release is usually the preserve of talented software engineers. As such, explains the report, leaks of existing source code from major ransomware gangs ‘allows threat actors with minimum programming knowledge to modify and compile their own ransomware variants.’

According to the Cisco Talos report, at least four major ransomware gangs – Babuk, Conti, LockBit and Chaos – have seen valuable code published on dark web forums in recent years. Some of this has been intentional, says the authors, the product of one affiliate’s disgruntlement with another within the overall group. Many examples of leaks, however, have arisen as a result of operational error. Such was the case with the ransomware group Babuk in September 2021, when a series of internal mishaps released enough source code to power a fully functioning ransomware operation in its own right. Novice cybercriminals pounced. Babuk’s leaked source code has appeared in attacks perpetrated by at least ten new ransomware gangs.

Readers Also Like:  NCSC launches Cyber Incident Exercising scheme - NCSC.GOV.UK - National Cyber Security Centre

It’s not the only example of leaked source code spawning new ransomware operations. According to the Cisco Talos report, a spate of recent ransomware attacks can be traced back to the leaking of a ransomware builder called Yashma in May 2022, itself a rebranded version of a program leaked from the Chaos gang. A type of program that allows the user to customise ransomware, builder programs also afford the opportunity for neophyte cybercriminals to create their own variants with minimal effort. 

Another group called Buhti, meanwhile, has successfully deployed code leaked from both LockBit and Babuk to target Windows and Linux systems. New operations like these tend to charge smaller ransoms to release corporate data back to its owners, according to Cisco Talos, with sums ranging from a mere $3.50 to $4,390 in Bitcoin. According to the threat intelligence provider, this could be because such gangs are effectively ‘lone wolf operators,’ reluctant to make elaborate demands from their victims before they have fully tested the capabilities of the ransomware they have adapted from the leaked source code from larger rivals. 

How to mitigate these new risks

The fact that new groups are mushrooming as a consequence of leaked code shouldn’t be surprising, argues Vasileios Karagiannopoulos, co-director of the Centre of Cybercrime and Economic Crime at the University of Portsmouth. Nevertheless, it’s a useful reminder of how quickly the ransomware ecosystem can evolve – and how dangerous that process is for companies that neglect their cyber-defences.

Such risks can be mitigated, argues Karagiannopoulos, but only through a combined effort from both the private and public sectors. “Cybersecurity organisations and companies, ethical hackers and even governments can gain access to the code and try to provide patches and generate defensive measures in their software and security tools to counter the effects of new ransomware,” he says. “It is therefore important that the security community works together to tackle new code that comes to light quickly – ideally with investment from governments and international organisations.”

Readers Also Like:  UK battles hacking wave as ransomware gang claims ‘biggest ever’ NHS breach - TechCrunch
Content from our partners
AI will equip the F&B industry for a resilient future

Insurance enterprises must harness the powers of data collaboration to achieve their commercial potential

How tech teams are driving the sustainability agenda across the public sector

New solutions coming from the cybersecurity landscape, such as zero-trust, can also be used to counter the risks from the new ransomware gangs. Other solutions, says Karagiannopoulos, like “segmented structures, monitoring use patterns across all levels and layers, and regular and up-to-date cyber awareness training, are also important in order to reduce vulnerable attack vectors and become aware of the problem early on and minimise its impact.”



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.