Privacy and security experts commented on news that the Ragnar Locker ransomware group is running ads on Facebook to pressure victims to pay.
Ragnar Locker malware https://t.co/gG5XBZ7VSm — _Pease_ (@pease_k_night) November 10, 2020
We have seen a growing trend in the professionalisation of cyber crime. As these organisations grow, they are beginning to adopt many of the tactics of non-criminal companies such as advertising and public relations. This is an example of exactly that. Large ransomware organisations benefit from using public communication channels both to influence victim behaviour and to establish themselves as big players in the cybercrime space.
While I hesitate to say I am entertained by the creative methods that the bad actors of the world are using to pressure companies to pay after a ransomware incident, I will admit I am intrigued.
The Ragnar Locker gang’s hacking of a Facebook account to place ads on the social network to publicly pressure Campari to pay could be a new effort by the bad guys to use what could best be called “Facebook shaming” to get companies to admit there had been a hack, and to pay up. These moves could bring increased pressure from the customers of affected companies to pay up to protect their data.
As we move into 2021, we will continue to see ‘big game’ ransomware attacks. Often the actual ransomware attack isn’t the primary infection; generally there is an initial campaign and infection followed by a stealth period while the attacker probes and looks for vulnerabilities to exploit. This can be weeks, sometimes months, before an exploit is found or an escalation of privileges can happen. This gives an organisation a ‘window’ of opportunity to be able to spot an attacker before they reach the final stages of the attack.
One clear way to do this is by deploying behavioural analytics to spot abnormal user behaviour before it causes real problems. Security teams need to spend less time managing the systems and more time addressing the threats. Additionally, utilising automation to allow the security team to focus only on the severe or real threats can further strengthen security posture. These can both help reduce the burden on security teams, bring better visibility and allow them to respond and react faster to all types of attacks.
I’m not surprised to see activity like this from Ragnar Locker and would expect more of the same from them and other ransomware actors in the future. It’s well documented that the majority of data breach victims don’t report attacks despite regulatory and statutory obligations to do so.
Campari Group may well have reported this attack but criminal organizations will always seek to exert maximum pressure for minimum effort in order to force their victims to pay up. Making their successful attacks public before anyone has the chance to implement an incident response plan is unfortunately an easy way to speed up the process as regulators, law enforcement and customers will all be seeking assurances that things will be resolved to their own satisfaction. That’s an awful lot of pressure for any victim organization and this kind of activity should be factored into security response protocols as soon as practicably possible. It won’t take long for the criminal community to figure out the benefits and increase their exploitation accordingly.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest information security news and topics.