Study: One cybercrime gang extorted RM309.86mil from targets

DiMaggio’s study is a broad examination of attacks in recent months, examining the goals, practices and payoffs of what he calls the world’s first “ransom cartel”. — AFP Relaxnews

One gang of cybercriminals extorted at least US$75mil (RM309.86mil) from private sector companies, local governments and hospitals, a former NSA contractor concluded in a months-long study released on April 7, an alarming sign of the potential financial rewards for online attacks.

Jon DiMaggio, the chief security strategist at Virginia-based Analyst1, estimated that the group known as Twisted Spider used the Egregor ransomware to extract at least that amount from its targets, according to publicly acknowledged ransom payments. He believes the real number is much higher, because “many victims never publicly report when they pay a ransom” and the “bad guys don’t post their stuff online”.

DiMaggio’s study is a broad examination of attacks in recent months, examining the goals, practices and payoffs of what he calls the world’s first “ransom cartel”. Gangs like Twisted Spider operate within a web of similar groups, often relying on other gangs to hack into corporate networks and insert ransomware into systems.

That insulates the leaders of the group from prosecution. In February this year, for example, Ukrainian and French police arrested “affiliates” of the ransomware cartel in Ukraine.

The gangs of cybercriminals, who predominantly originate from Eastern Europe and Russia, have built checks into their ransomware to ensure that none of the victims they target are Russian, DiMaggio wrote. The attackers joined forces to steal data and negotiate payment with victims across their command and control structure, and have created malware that checks whether the system language of the machine they are attempting to infiltrate matches languages spoken in the former Soviet Union.

“The Cartel gangs do little to hide the fact they speak Russian, and they go out of their way not to target victims within affiliated Russian territories,” wrote DiMaggio, who has in the past conducted vulnerability assessments on classified and unclassified US government networks and was later an intelligence analyst at Symantec.

The Russians “are not prosecuting these individuals and that’s one of the reasons why ransomware appears to originate primarily out of Russia. Those are the guys that don’t get caught because no one is arresting them. The ones that got arrested were arrested in Ukraine,” he told Bloomberg News.

The gangs also ran “leak sites” where they would post a company’s hacked data in a bid to shame them into paying ransoms to prevent further sensitive information from being published online.

Most worrying for DiMaggio was the growing trend of automating attacks. He said the gangs were “spending time and money to improve their malware and to add automation into the code of the ransomware”.

That will lead to a higher volume of attacks; an attack that once consumed a week to a month to stage was now taking hours.

“They’re taking their proceeds and they’re reinvesting in themselves,” he said. “It really reminds me of a business model, they’re professional criminals.” – Bloomberg
