Date: 2022-06-29
AMD said it is investigating a potential data breach after RansomHouse, a relatively new data cybercrime operation, claimed to have extorted data from the US chipmaker.
Dr Darren Williams of ADX and ransomware prevention specialist BlackFog notes that RansomHouse is focusing on large enterprises with weak security, and that attackers who want to make their way in will do so regardless of how weak or strong your password is, as their main focus is the data they leave with…
We haven’t yet seen evidence of the attack on AMD, but RansomHouse’s recent attack on the Shoprite Group in South Africa would indicate that they are focused on large organisations with weak security. As with all cyberattacks, it really doesn’t matter how the bad actors found their way in, weak passwords or otherwise; if they want to find a way in they will be successful! What really matters is what data they were able to leave with.
Extortion is the main focus for cybercriminal gangs and organizations should look to newer technologies like anti data exfiltration to stop them in their tracks and prevent any unauthorised data from being exfiltrated.
RansomHouse itself has claimed that they are neither behind breaches nor do they develop or utilize any ransomware as part of their efforts. But it’s hard to trust the word of the group, who may be trying to shield themselves from being lumped into a category of ransomware and becoming a bigger target through law enforcement operations.
“Even with the success of double extortion, whereby ransomware groups encrypt files within a network and steal files and threaten to leak them on the dark web, the extortion factor appears to have become the central point amongst extortion groups like RansomHouse and Lapsus$.
“As the Conti ransomware group began to fold up its operations, part of its grand plans included splintering into several ransomware groups, including those that are extortion-focused like BlackByte and Karakurt.
“As we highlight in our recent Ransomware Ecosystem report, ransomware groups have evolved over the years, adopting a business-like approach to their efforts and forging business partnerships with other players in the ecosystem, like affiliates and initial access brokers. It remains to be seen if this trend towards an extortion-only focus will become part of its natural evolution.”
Cybersecurity adversaries come in all shapes and sizes, with all kinds of motivations. Recently, RansomHouse has been engaging with a cyber twist on victim shaming. They claim that “the culprits are those who did not put a lock on the door leaving it wide open inviting everyone in.” Organisations who have poor cybersecurity do not deserve to be victims. If you were walking past a house and saw the door open, what would you do? You would not enter the house uninvited, and you would not steal a TV or jewellery just to prove that the house’s owner was not following good security practices.
Ransomware is a business. While RansomHouse’s attitude might be unusual, their methods and motivations are as common and mercenary as any other criminals’. For organisations that are not actively working to improve their cybersecurity posture, RansomHouse is another wake-up call in a long, long parade of wake-up calls. Every business is a software business. Software security risk is business risk and must be managed, just like any other kind of risk.