Ransomware now dispenses with data encryption and blackmails with brand exposure


With Brazil already facing an overwhelming wave of ransomware attacks, Hilmar Becker, Country Manager, F5 Networks, Brazil, warns of a switch in tactics by threat actors – leaving organisations even more exposed.


Throughout 2023, a harsh reality set in.

The ever-evolving threat landscape has ransomware continuing to wreak havoc.

Brazil remains in a prominent position in relation to this threat: we are the fourth largest ransomware target in the world, according to a report released in the first half of this year.

Only the US, UK and Spain beat our market in this regard.

The accelerated digitalization of the Brazilian economy is not always accompanied by alignment with the best practices of digital security, which increases the vulnerability of companies to these types of attacks.

For years, the practice of encrypting data and holding it hostage until a payment was made was the hallmark of ransomware attacks. The victim’s dilemma was quite simple: pay the ransom or risk losing access to critical data.

To maintain their effectiveness, ransomware gangs have started to innovate with different tactics.

This is the case with double extortion, in which data is not only encrypted but also stolen, with the attackers threatening to expose it publicly or sell it on the dark web.

The first case of this modality happened in 2019.

Shortly after, in 2020, triple extortion began to make the news. It takes double extortion a step further by taking advantage of confidential information about customers, relatives or other entities related to the victim.

This is an advanced level of blackmail that starts with the attack on the organization and, at a later stage, triggers actions spread across all the people who had their data exposed.

In recent months, cybercriminals have introduced yet another technique to their arsenal: unencrypted attacks.

In the face of the overwhelming wave of ransomware affecting Brazil, it has become commonplace for companies to keep backups of their data, and decryption tools are being created to neutralize ransomware variants.

These defenses have changed the behaviour of digital gangs. Instead of going through the time-consuming process of data encryption, threat actors are skipping this step altogether.

The focus now is on gaining access to sensitive data and threatening to release it to the public or auction it off.

An unencrypted attack relies more on psychological pressure to coerce victims into paying the ransom. Its speed, simplicity and reduced technical complexity, compared to encryption-based attacks, make this technique worrisome.

Here are the results of unencrypted attacks:

  • Faster ransom demands. With unencrypted attacks, cybercriminals can demand a ransom more quickly since they eliminate the encryption step. Victims find themselves under heavy pressure to pay and prevent their data from being exposed.
  • Reputational damage. The mere threat of data exposure can have a strong impact on businesses. Stolen confidential information, including customer data, financial records or intellectual property, can lead to substantial trust issues between customers, partners and the public.
  • Regulatory fines. Companies that handle personal or sensitive data are subject to a variety of government and industry data protection regulations. In the event of a data breach, hefty fines and legal repercussions can compound the financial impact – making the situation even more challenging.

BianLian is a model of unencrypted ransomware

An example of a cybercriminal group that has switched to unencrypted ransomware is BianLian.

According to a cybersecurity advisory released by the FBI, CISA and the Australian Cyber Security Centre, BianLian has been targeting critical infrastructure and organizations in the US and Australia since June 2022.

The criminal group originally leveraged a double extortion model, but as of this year, it has primarily migrated to exfiltration-based extortion.

It appears that BianLian has recently targeted the nonprofit Save the Children.

The group claims to have stolen 6.8 TB of the nonprofit’s data, including financial, personal and medical information.

That investigation is still ongoing.

The search for alignment with the Zero Trust model

Some forecasts indicate that ransomware will cost victims somewhere around US$265 billion per year by 2031.

Enterprises need to be proactive and establish a Zero Trust Network Access security framework to effectively confront unencrypted attacks as well as the evolving ransomware threat landscape.

The guiding principle behind zero trust is: don’t trust blindly; always check.

Currently, nearly 90% of all Internet traffic is encrypted and most malware and threats are hidden in encrypted traffic.

If you want to keep your applications, your data and your organization safe from ransomware – and get a comprehensive, zero-trust environment – you need to encrypt these assets.

Orchestrating Defense in a Multi-cloud Environment

One of the challenges of this strategy – intensifying the use of advanced encryption solutions to make it harder for criminals to access critical data – is that it has to be done in a way that doesn’t impact the user experience. The work of encrypting and decrypting critical data must be carried out with maximum performance and accuracy.

A cloud platform that orchestrates this process with the help of AI and ML resources can offer the necessary elasticity to preserve, for example, consumer engagement with large B2C portals – you gain in safety without increasing friction.

In the fluid world of the digital economy, the power of an encryption and decryption platform has to be distributed across the many clouds according to each organization’s business logic.

This is critical to exposing threats and stopping chains of ransomware attacks.

The goal is to prevent attackers from being able to monetize the crime through blackmail that affects the value of the brand.
