Ransomware Gang Attack Tactics Have Shifted

A recent analysis of the ransomware group Meow raises the notion that groups are evolving from using encryption as a tactic to more profitable and cost-effective methods.

At the end of the day, ransomware is a business. Those behind the malware used in ransomware attacks typically seek to make money, whether that be directly from the victim organization or by way of a nation-state paying for the gang’s services.

And as with any business, there’s a need to run operations predictably and profitably. Which means it’s necessary to look at how the business operates and look for ways to streamline costs, increase productivity, and charge more, when possible.

The recent analysis by security vendor BitDefender of the Meow ransomware group highlights a shift in attack tactics we’ve all been aware of but never quite took notice.

In the article, they point out that Meow, like other ransomware groups, have moved away from encryption in favor of exfiltration, data leak extortion, and selling of the stolen data. The reason?  As BitDefender puts it, “cost and complexity of operations.”

Think about it: it costs time and money to build encryption software, code to evade detection, scripts to find and delete backups, etc. Instead, all ransomware gangs need to do is become really good at initial access and lateral movement in an effort to find and extract valuable data – all, of which, is far less costly to achieve.

Data can potentially be sold multiple times – something that is more likely than an organization definitely paying the asked ransom - increasing revenues and making the operation as a whole more profitable.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.