The threat group "RA World" (formerly RA Group) has shifted from country-specific ransomware attacks to include specific industries via a new - not previously seen - method of extortion.
I don’t like it when I hear about ransomware groups growing, but that's the case in TrendMicro’s new analysis of RA World ransomware. What was once through to be a smaller operation focused on attacks targeting organizations in South Korea and the U.S. is now evolving their operations to include countries in the EU, in Latin America, and other countries in Asia.
According to TrendMicro, the primary focus seems to be on organizations in the Healthcare and Finance sectors, using some advanced techniques to both speed up execution and avoid detection.
Source: TrendMicro
There is one more notable aspect of their attack – a list of recent victims who did not pay RA World’s ransom fee, a novel extortion tactics to, in essence, say “see what happens when you don’t pay.”
RA World gains initial access through either phishing emails or exploiting weak credentials – in either case, an organization’s users are at the crux of the attacks; by teaching users via new-school security awareness training good password habits and the importance of being vigilant when interacting with email and the web, the likelihood of a user aiding an attack unwittingly.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
