- Home >
- Services >
- Access to Knowledge >
- Trend Monitor >
- Domain of Application >
- Trend snippet: Increased collaboration between ransomware threat actors
Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
visible on larger screens only
Please expand your browser window.
Or enjoy this interactive application on your desktop or laptop.
Increased collaboration between ransomware threat actors
more closely with their peers in the criminal underground, behaving more like cybercrime cartels than independent groups. What appeared to be a wide variety of ransomware may not be as wide as it seems. As time went on, and we investigated an increasing number of attacks, Sophos analysts discovered that some ransomware code appeared to have been shared across families, and some of the ransomware groups appeared to work in collaboration more than in competition with one another.
Ransomware attacks launched throughout 2020 magnified the suffering of an already wary population. As the pandemic ravaged lives and livelihoods, so did a host of ransomware families, whose efforts did not stop targeting the health and education sectors, even as hospitals became COVID-19 battlegrounds and schools struggled to invent an entirely new way to teach children through March and beyond. You can’t raise enough in a bake sale during a pandemic to pay a ransom, but some schools managed to recover from attacks that appeared targeted at the first day of school, by keeping secure backups. Ransomware operators pioneered new ways to evade endpoint security products, spread rapidly, and even came up with a solution to the problem (from their perspective) of targeted individuals or companies having good backups, securely stored where the ransomware couldn’t harm them. But what appeared to be a wide variety of ransomware may not be as wide as it seems. As time went on, and we investigated an increasing number of attacks, Sophos analysts discovered that some ransomware code appeared to have been shared across families, and some of the ransomware groups appeared to work in collaboration more than in competition with one another. Given all this, it’s hard to make any kind of reliable prediction of what ransomware criminals will do next. Ransomware creators and operators have burned a lot of time working on defenses against endpoint security products. We counter their countermeasures. They show creativity and versatility in devising new tactics; we show tenacity in studying what they do and finding clever ways to stop them.
>Ransomware threat actors continue to innovate both their technology and their criminal modus operandi at an accelerating pace
>More ransomware groups now engage in data theft so they may threaten targets with extortion over the release of sensitive private data
>As ransom groups put more effort into active attacks against larger organizations, the ransoms they demand have risen precipitously
>Further, distinct threat actor groups that engage in ransomware attacks appear to be collaborating more closely with their peers in the criminal underground, behaving more like cybercrime cartels than independent groups
>Ransomware attacks that previously took weeks or days now may only require hours to complete