Ransomware Groups Get Smaller and More Social

Ransomware Groups get Smaller and More SocialThe Colonial Pipeline ransomware attack of 2021 put infrastructure operators on notice that they were directly in the crosshairs of big ransomware gangs. The reaction of law enforcement seems, however, to have also put the gangs on notice that their ability to operate with impunity isn’t what it used to be. The big criminal operations seem to be breaking up. That’s not because they’ve gone straight. It’s because they’ve realized that they’re more vulnerable than they used to be.

The gang that hit Colonial Pipeline, DarkSide, disrupted the pipeline’s operation, but the FBI was able to claw back most of the ransom Colonial paid and also in turn to disrupt DarkSide’s own operations. In June of 2021, citing the pressure it was under from US law enforcement, the DarkSide group announced that it was closing down its operation.

Another high-profile ransomware gang, Conti, drew a great deal of hostile attention to itself when it announced, in February of this year, that it was firmly in Moscow’s corner with respect to Russia’s war against Ukraine. That didn’t sit well with some of the gang’s sometime collaborators whose sympathies lay with Ukraine, and critics doxed the gang’s internal chatter. The embarrassment (and the risk) were severe enough that Conti, after a last hurrah committed against Costa Rican government networks and resources in May 2022, seems to have begun winding up its operations by the third week of that month. There was more heat than a large criminal gang could withstand.

But the former members and affiliates of big ransomware gangs are evidently deciding that they can strike out on their own, without the specious coverage of a big umbrella group. Recorded Future’s Allan Liska explained to Tech Monitor why this is so. “They know the operations in and out,” he said. “They know how to do the negotiations. They know how to make code adjustments and all that other stuff. So, they’re fine without a big umbrella group to support them.”

And the new splinter gangs think they have an advantage, and that advantage is social engineering. Yelisey Boguslavskiy, of Advanced Intelligence told Tech Monitor, “As one of the actors said during internal communications, ’We can’t win the war on the technology side because we’re competing with companies that have budgets of tens of billions of dollars. We can never win that, but we can win the social side of things.’”

The social side of things is the speciality of new-school security awareness training. Social engineering will be the focus of the new ransomware gangs, and that new-school training can help make them more resistant to their ministrations.

TechMonitor has the story.

Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 22 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 23 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Topics: Ransomware

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews