© 2022 CyberNews - Latest tech news,
product reviews, and analyses.


How ransomware has got more sophisticated, and why you need to worry


Human-operated ransomware is a new, tailor-made attempt to lock up your files.

Ransomware continues to be a blight against vulnerable IT users worldwide, with a near-doubling of the volume of attacks between 2020 and 2021. Cybersecurity company NCC Group recorded a 93% rise in the number of attacks launched against individuals, showing that the scale of the problem continues to give cause for concern.

It can be easy to forget that ransomware is a relatively new phenomenon still on the rise, and the potential of the exploit hasn’t yet reached its limit. At present, most ransomware attacks are far from targeted: instead, they’re spray and pray attacks, where hackers launch a strain of ransomware into the wild that they hope will infect as many computers as possible and wait to see what their potential rewards are. It’s a haphazard approach that still likely nets those involved a bumper payday but isn’t as efficient as it can be.

With ransomware a proven business model for cybercriminals, they’re starting to move on to a new vector of ransomware attacks that shuns the idea of sending out strains and praying to hit the jackpot, and instead tailors attacks to specific would-be victims in the hopes of maximizing the potential returns. And it’s this which is causing concern for those tracking cybercrime.

A worrying new trend

The concerning new trend was picked up by Microsoft, which warned of the risks of the ransomware-as-a-service gig economy, which it calls human-operated ransomware. The attacks are “one of the most impactful threats to organisations,” Microsoft writes.

The company used the term “human-operated ransomware” to make clear that this is far from the old spray and pray attacks of days gone by. Now humans are tracking and tailoring how an attack unfolds at every stage based on what they find in a target’s network.

“Unlike the broad targeting and opportunistic approach of earlier ransomware infections, attackers behind these human-operated campaigns vary their attack patterns depending on their discoveries – for example, a security product that isn’t configured to prevent tampering or a service that’s running as a highly privileged account like a domain admin,” Microsoft writes.

That’s a worry because it shows malicious intent and the fact that would-be victims are now engaged in a cat-and-mouse game, where attackers are taking an active interest in the IT system architecture of their business in order to try and earn the most money possible.

Repeat victims at risk

It also causes a headache for organizations trying to get back on an even keel once they’ve fallen victim and either decided to pay the ransom to unlock their files or to move on and start afresh.

“Human decision-making early in the reconnaissance and intrusion stages means that even if a target’s security solutions detect specific techniques of an attack, the attackers may not get fully evicted from the network and can use other collected knowledge to attempt to continue the attack in ways that bypass security controls,” warns Microsoft.

There’s the real risk of being doubly extorted: falling foul of a ransomware strain, paying to have your files unlocked, then realizing that in the time that the hacker spent inside your system and monitoring it, they’ve understood another vulnerability that they return to – or worse, one they note down and try to sell on as part of the ransomware-as-a-service economy to another hacker.

“Giving in to the attackers’ demands doesn’t guarantee that attackers ever ‘pack their bags’ and leave a network,” writes Microsoft. “Attackers are more determined to stay on a network once they gain access and sometimes repeatedly monetize attacks using different malware or ransomware payloads if they aren’t successfully evicted.”

It may all seem hypothetical, but it isn’t. Over the course of six months, Microsoft analyzed 2,500 potential target organisations. They found 60 of them were hit with a ransomware attack, of which 20 were successfully breached.

It means that it’s more important than ever to not just look at your initial line of defense against hackers but also to ensure your systems are designed and architected in such a way that they’re guaranteed to be secure. After all, now your attacker isn’t simply hitting and running: they’re going in, taking a look, and seeing what else they can exploit.

