Ransomware Groups Get Smaller and More Social

Stu Sjouwerman | Jul 25, 2022

Ransomware Groups get Smaller and More SocialThe Colonial Pipeline ransomware attack of 2021 put infrastructure operators on notice that they were directly in the crosshairs of big ransomware gangs. The reaction of law enforcement seems, however, to have also put the gangs on notice that their ability to operate with impunity isn’t what it used to be. The big criminal operations seem to be breaking up. That’s not because they’ve gone straight. It’s because they’ve realized that they’re more vulnerable than they used to be.

The gang that hit Colonial Pipeline, DarkSide, disrupted the pipeline’s operation, but the FBI was able to claw back most of the ransom Colonial paid and also in turn to disrupt DarkSide’s own operations. In June of 2021, citing the pressure it was under from US law enforcement, the DarkSide group announced that it was closing down its operation.

Another high-profile ransomware gang, Conti, drew a great deal of hostile attention to itself when it announced, in February of this year, that it was firmly in Moscow’s corner with respect to Russia’s war against Ukraine. That didn’t sit well with some of the gang’s sometime collaborators whose sympathies lay with Ukraine, and critics doxed the gang’s internal chatter. The embarrassment (and the risk) were severe enough that Conti, after a last hurrah committed against Costa Rican government networks and resources in May 2022, seems to have begun winding up its operations by the third week of that month. There was more heat than a large criminal gang could withstand.

But the former members and affiliates of big ransomware gangs are evidently deciding that they can strike out on their own, without the specious coverage of a big umbrella group. Recorded Future’s Allan Liska explained to Tech Monitor why this is so. “They know the operations in and out,” he said. “They know how to do the negotiations. They know how to make code adjustments and all that other stuff. So, they’re fine without a big umbrella group to support them.”

And the new splinter gangs think they have an advantage, and that advantage is social engineering. Yelisey Boguslavskiy, of Advanced Intelligence told Tech Monitor, “As one of the actors said during internal communications, ’We can’t win the war on the technology side because we’re competing with companies that have budgets of tens of billions of dollars. We can never win that, but we can win the social side of things.’”

The social side of things is the speciality of new-school security awareness training. Social engineering will be the focus of the new ransomware gangs, and that new-school training can help make them more resistant to their ministrations.

TechMonitor has the story.

Topics: Ransomware

Test Your Network’s Defenses with our Free Ransomware Simulator

When employees bypass guidance and fall for social engineering, your network security is the last line of defense. Run our 100% harmless RanSim tool on Windows 10+ workstations to safely simulate 25 ransomware and cryptomining infection scenarios, pinpoint technical vulnerabilities, and get your results in minutes.

Launch Your Free Ransomware Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.