Unscrupulous, organized, networked: ransomware has long ceased to be a casual pastime of bored hackers and has become a criminal business with high revenue and high stakes. But in the end, cyber criminals are only human, and even carefully planned ransomware attacks can fail. Sophos names a few mishaps.
Typical ransomware is a sophisticated, human-operated attack in which the intruders often stay on the network for several days to weeks before starting their extortion. During this time, they move around the network, stealing data, installing new tools, deleting backups, and more.
When attackers make mistakes during stress
The attack could be detected and blocked at any point in time, which is particularly stressful for the cyber criminals who control the attack at the keyboard. They need to change tactics in the middle of the action, or make a second attempt at a planned malware deployment if the first one fails. This pressure can lead to errors. Cyber gangsters are ultimately only human.
The Sophos Rapid Response Team has recently come across several failed ransomware attacks in its analyses that gave it cause to chuckle. Here are the top 5 ransomware breakdowns:
- The Avaddon group, which was asked by its own victim to publish the stolen data, because the company could not restore part of it. The group, failing to understand what the victim had in mind, followed through on its threat to publish the data, and the company concerned regained possession of its data.
- The Maze attackers who stole a large amount of data from a company, only to find that it was unreadable: it had already been encrypted by the DoppelPaymer ransomware one week earlier.
- The Conti specialists who encrypted their own newly installed backdoor. They installed AnyDesk on an infected computer to secure remote access and then rolled out the ransomware, which encrypted everything on the device, AnyDesk included, of course.
- The Mount Locker gang, who couldn't understand why a victim refused to pay after they had leaked a sample. The reason: the published data belonged to a completely different company.
- The attackers who left behind the configuration files for the FTP server they used for data exfiltration. This enabled the victim to log in and delete all of the stolen data.
"The enemy mishaps that caught our eye are proof of how crowded and commercialized the ransomware landscape has become," says Peter Mackenzie, manager of the Sophos Rapid Response team. "As a result of this trend, you can find different attackers targeting the same potential victim. If you add the pressure exerted by security software and incident responders, it is understandable that the attacks are prone to errors."
More at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.