Tactical Experts Driving Success for Ransomware Gangs

Ten, twenty years ago, when you heard the word ‘ransomware’ it was because you (or someone you know) clicked a rogue link in an email by a lone-wolf hacker working out of a dark basement, which downloaded a virus on your computer and locked all your files. The attacks were automated and opportunistic and the fee to restore the data may have been a few hundred dollars at best.

This is a guest blog originally posted by eSentire.

The modern ransomware threat landscape is much different. Ransomware attacks have evolved from opportunistic attacks to targeted attacks that resemble heists to integrated business models for threat actors. What’s more is that there are no dingy, dark basements, and the hackers certainly aren’t lone wolves. Today’s threat actors have formed sophisticated groups with well-run operations that resemble those of enterprise organisations.

All this to say: cybercrime as we know it has changed.

The traditional opportunistic attacks eventually failed to make an impact. As would-be victims began to educate themselves on how to spot malicious emails, and organisations leveraged security practices such as email filtration, it became clear to threat actors that their tactics had to evolve as well, by:

  • Creating more realistic emails,
  • Targeting specific individuals at a company,
  • Leveraging attack vectors geared towards taking advantage of their victims’ behaviour (as seen with the Gootloader campaign, which manipulated Google search rankings to lure victims on to malicious websites and unknowingly download malware).

In the past four years, we have seen an exponential rise in the use of Ransomware-as-a-Service (RaaS), which has led to the formation of new ransomware groups as they no longer need to create new attack tactics to gain access into their targets’ environments. This increase in RaaS has pushed organisations to start taking what used to be small annoyances (e.g., spam mail or strange websites) much more seriously.


So, what’s driving this rise in RaaS?

As explained in the Dissecting Today’s Ransomware Ecosystem Report, this growth is largely driven by the recruitment of tactical experts within ransomware groups, who specialise in one specific aspect of the overall ransomware intrusion model.

By effectively encouraging each member to become an expert in one role, ransomware groups can procure specific services to expand their reach and increase the velocity of their campaigns. In fact, they can go as far as designing specific lures to target a certain industry to ensure that their campaigns leave no room for mistakes.

The result of cultivating these tactical experts is the formation of a cooperative cybercrime marketplace that is far more efficient than what most organisations are prepared for.

By leveraging tactical experts, modern ransomware groups have given their team members the structure like that of an enterprise organisation all to move towards one unified goal: maximum financial benefit.

The fact of the matter is, threat actors and organisations are locked in an arms race and unfortunately, there’s no silver bullet. Ransomware has become too big a threat for any organisation – big or small – to ignore.

Today, CISOs are well aware of the responsibility they, and their security teams, shoulder to keep up with the latest tactics, techniques, and procedures (TTPs). As a result, CISOs are constantly having to evaluate their security programs to strengthen their security posture and controls against the heightened risk they’re facing from the ever-evolving ransomware groups and threat landscape.

To learn more about the most popular initial access techniques used by threat actors, download the Dissecting Today’s Ransomware Ecosystem Report.

Assess your vulnerability to attack. Protect your reputation.

Working to a risk assessment matrix, we’ll clearly identify where your business is most susceptible to breach or attack.

Our assessment follows 3 Steps:

  1. Where and how your business operations create your potential for risk.
  2. We’ll explain the two primary security frameworks and how to apply them to your organisation 
  3. Define next steps: Achieve peace of mind with a tailored Strategic Security Roadmap for your business 

Don’t be tomorrow’s headline. Book your session today.  

Tecala and eSentire – creating a leading-edge security partnership across APAC

Tecala and eSentire have come together in an exclusive partnership across the APAC region. As eSentire’s sole MDR solution provider in Australia and New Zealand, Tecala will be augmenting its cyber security practice to offer clients a powerful, all-in-one cyber security service which detects, disrupts, and remediates known and unknown cyber threats.

Tecala is Australia’s #1 mid-market-focused Managed Service Provider (MSP). Coming from a consulting and advisory heritage, we have a tried and tested approach to delivering IT that ensures your technology environment is aligned with your business objectives and is continually optimised.

Our fully integrated suite of managed services includes cloud, voice and data interconnectivity, intelligent automation, and business continuity. These services are delivered by our local teams of senior consultants, architects, and engineers, who are supported 24/7 by our Australian-based SOC team of support staff.

With over 1,000 customers in 70 countries around the world, eSentire is recognised as the industry’s leading Managed Detection and Response service provider. By partnering with eSentire, Tecala are delivering an end-to-end cyber security services portfolio to customers across Australia and New Zealand, that is designed to hunt, investigate, and stop cyber threats before they become business disrupting events.


How Your Organisation Can Prevent a Ransomware Attack

With ransomware attacks now more common than ever, having established steps that your organisation can take to prevent a ransomware attack, are now a measure you can’t afford to live without.


How to Reduce the Impact of a Ransomware Attack

Ransomware is one of the biggest threats to any organisation today - period. As such, organisations must do everything in their power to reduce the impact of an attack.