Ransomware remains a serious threat to modern organizations as cyber criminals explore new tactics and extortion techniques. According to recent industry reports, ransomware payouts in the U.S. reached a record high in 2021, with more than $1 billion paid to threat actors. This trend is expected to continue in the years ahead, encouraging organizations to strengthen their defenses and protect themselves with Cyber Insurance.
Cyber security brokers play an important role in helping organizations manage ransomware risks. This article explores the latest tactics threat actors use to launch cyber attacks, so you can better protect your clients.
Tactics Evolve as Ransomware Payouts Increase
Threat actors have been shifting tactics to make ransomware attacks more profitable and successful in recent years. Several factors have caused this shift, including the rising popularity of hybrid work environments and the increasing value of personal data.
To understand how cyber criminals work, cyber security experts utilize innovative solutions like “honeypots.” Honeypots are fake attack surfaces designed to attract threat actors and gather information about their methods and tactics. In one industry study, honeypots recorded millions of data breach attempts in one month. Another honeypot revealed how threat actors launch ransomware attacks in multiple stages, compromising several machines across an organization for maximum financial gain.
Results from these honeypots illustrate the risks that businesses face amidst the evolving cyber threat landscape. By understanding how these criminals operate, cyber brokers can better protect their clients from cyber crime and costly ransomware payouts. Below, we explore the newest types of ransomware tactics used by cyber criminals to target organizations:
1. Advanced Email Phishing
Phishing emails appear to be from legitimate organizations and businesses and are designed to trick users into downloading infected files or offering sensitive information. While phishing and social engineering have been common methods to launch ransomware attacks in the past, they have evolved to become complex and hard to detect. These attacks no longer feature generic emails but personalized messages that appear to come from legitimate companies.
Threat actors employ automation tools to send personalized messages to increase the success rate of their attacks. According to a recent report, 84% of organizations experienced financial losses due to a successful email phishing attack in 2022. The report names Microsoft as the most abused name in phishing attacks, with more than 30 million phishing messages using the brand.
2. Telephone-Oriented Attack Delivery (TOAD)
In a TOAD attack, threat actors lure potential victims into contacting fraudulent call centers to install malware on their systems, steal sensitive information, and launch ransomware attacks. TOAD attacks have become more sophisticated in recent years as threat actors use spoofing techniques to make the call appear as if it is coming from a legitimate source, such as a bank or government agency. They may also use automated voice messages or interactive voice response (IVR) systems to convince the victim that a call is legitimate.
3. Adversary in the Middle (AitM)
This type of ransomware attack vector made headlines when it was launched to attack more than 10,000 organizations in 2021. In an AitM attack, threat actors pose as trusted entities, using fake websites to trick victims into revealing their login credentials. After gaining access to the user’s account, they can use it to install ransomware and encrypt sensitive data. These attacks have become more effective as threat actors find ways to bypass multifactor authentication on compromised accounts.
4. Evolving Extortion Techniques
The extortion techniques used by threat actors have also evolved, pressuring victimized organizations and their stakeholders to shell out ransomware payouts. For example, according to a HIPAA Journal report, ransomware gangs have started to threaten individual patients in the health care sector using their stolen data to extort money. Some threat actors conduct DDoS attacks on victims who refuse to cooperate, while others threaten to leak sensitive patient information in exchange for money.
5. Ransomware-as-a-Service (RaaS)
Ransomware-as-a-Service (RaaS) allows modern cyber criminals to gain access to ransomware software without creating their own malware. In this business model, ransomware developers offer their products, kits, or code to malicious actors in exchange for money. This service provides several advantages to attackers, including easy access to the latest ransomware software and technical support to launch their malicious campaigns.
RaaS has increased the number of ransomware attacks and diversified the threat landscape, making it harder for organizations, law enforcement, and government agencies to keep up with the evolving cyber risk landscape.
Help Your Clients Mitigate Ransomware Risks
New attack vectors and increasing ransomware payouts show the increased complexity and effectiveness of modern cyber attacks, highlighting the importance of robust security measures and Cyber Insurance. Help your clients mitigate the risks by partnering with ProWriters.
At ProWriters, we offer more than 20 years of industry expertise in Cyber Insurance and risk management. Our partner brokers gain access to helpful tools, resources, and our Cyber IQ Comparative Rate Platform, which allows you to quote multiple insurance carriers in minutes. Contact us today to learn more!