EclecticIQ

Rapid TTP Development and Syndicate Adoption Ignite Q2 Ransomware Explosion
June 01, 2021

Summary of Findings

  • APT groups are using ransomware functionality to enable and mask targeted data destruction, possibly for political reasons.
  • The DarkSide group has suspended its ransomware-as-a-service (RaaS) program, possibly due to disruptions to its infrastructure following the Colonial Pipeline attack.
  • The rapid evolution of JSWorm ransomware from mass-scale operations to targeted threats showcases the investment by RaaS operators in new TTPs.
  • The use of third-party loaders is helping ransomware syndicates like Conti grab a larger share of the market.
  • Ransomware operators are adopting a new TTP to hinder incident response: deploying multiple variants with different encryption algorithms at the same target.
  • Pakistan-linked APT36 is likely behind a spear phishing campaign against defense personnel in India, possibly for espionage purposes.
  • A Brazilian banking trojan family has spread from South America to Europe, where it has been used to steal credentials from customers at dozens of banks.
