Threatpost has the Story:
This is a current story (7/7/20) of threats emerging from Russian criminal groups.
The following is from a previous analysis from has the Story
The intsight document shows several groups, of which the above, the “Sandworm” team, is just one.
Another blog.malwarebytes.com post: Threat Spotlight: WastedLocker, customized ransomware
The ransom demands were high, from $500,000 to $10 million in Bitcoin. This is in an environment where the criminals also ransomed the backups (which apparently were accessible to the hackers). The sophistication of the hackers is obvious, but it is not limited to any new hack or ransomware attack. It also shows that the criminals were able to figure out which attacks will lead to the most return on investment of their time.
Let’s review a little from the first 8 months of 2019 (from statescoop.com):
“The first eight months of 2019 were particularly lucrative for the Ryuk malware’s authors. So far this year, Ryuk is known to have collected $400,000 from rural Jackson County, Georgia; nearly $600,000 from Riviera Beach, Florida; $490,000 from Lake City, Florida; $130,000 from LaPorte County, Indiana; and $100,000 from the public school district in Rockville Centre, New York.”
So almost a year later it is not a surprise (or should not be) that the organizations in Russia are trying to increase their yield. The bad actors are putting together profiles of business entities which are most likely to pay, and then they do more research by actually hacking and looking at the defenses.
It is high time for US businesses to become more systematic about cybersecurity defense.