The cybercriminals Lapsus$ group has made headlines in recent months. Palo Alto Networks provides information on the spectacular series of attacks and its current ransomware report.
Palo Alto Networks already published the current 2022 Unit 42 Ransomware Threat Report. According to this, the average ransom demands in 2021 increased by 144 percent to 2,2 million US dollars. The average payment increased 78 percent to $541.010 over the same period.
The Lapsus$ Group threat actor has gone from a handful of destructive attacks to stealing and releasing source code from several leading technology companies in just a few months.
Lapsus$ does not use ransomware
Although Lapsus$ is sometimes referred to in reports as a ransomware group, it is notable for not using ransomware in extortion attempts. In today's environment, threat actors prefer using ransomware to encrypt data and systems, often extorting victims for significant amounts of cryptocurrency in exchange for decryption keys, sometimes increasing the pressure by threatening to release stolen data. However, Lapsus$ is unusual in its approach - for this group, fame seems to be the goal rather than financial gain.
Unit 42 has helped organizations respond to multiple Lapsus$ attacks. The Lapsus$ group does not deploy malware into victim environments, does not encrypt data, and in most cases, does not use blackmail. They focus on using a combination of stolen credentials and social engineering to gain access to victims. We've also seen them ask employees on Telegram for their credentials with specific companies in industries including: telecom, software, gaming, hosting providers, and call centers.
Known Lapsus$ victims include
- NVIDIA
- Samsung
- Ubisoft
- Vodafone
- Microsoft
- LG
- Okta
About Palo Alto Networks Palo Alto Networks, the global leader in cybersecurity solutions, is shaping the cloud-based future with technologies that transform the way people and businesses work. Our mission is to be the preferred cybersecurity partner and protect our digital way of life. We help you address the world's biggest security challenges with continuous innovation leveraging the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are the leaders in protecting tens of thousands of businesses across clouds, networks and mobile devices. Our vision is a world where every day is safer than the one before.