Cybercriminals have become bolder and more sophisticated, thanks to the rise in advanced extortion tactics these days. This has led to a surge in ransomware attacks all over the globe, with businesses suffering attacks every 40 seconds. In this article, we’ll discuss three of the most dangerous emerging ransomware threats that you should keep your eye out for.
AvosLocker is one of the newer ransomware families and provides ransomware as a service (RaaS). Though AvosLocker isn’t as prominent or active as some of its contemporaries (more on them later), you shouldn’t ignore it, especially since the U.S. Federal Bureau of Investigation (FBI) released an advisory on this threat. According to the report, AvosLocker targets critical infrastructure in different sectors of the US. It also runs an extortion site, which claims to have targeted six organizations across countries like Canada, UK, Lebanon, the U.A.E., Belgium and Spain.
It employs sly tactics like running itself on safe mode, auctioning stolen data with double extortion schemes, etc., in order to encrypt data and demand ransomware settlements. Despite detections for AvosLocker being low, its clever use of sly tactics makes it an emerging ransomware threat.
Active since June 2021, this double-extortion ransomware is an affiliate-based RaaS provider. Cybercriminals use Hive to conduct ransomware attacks against healthcare facilities, nonprofits, retailers, energy providers and other sectors worldwide.
This ransomware uses common tactics to compromise a victim’s device and asks them to pay ransomware settlements. Phishing e-mails with malicious attachments, leaking VPN credentials and exploiting vulnerabilities on external-facing assets are some of the multiple mechanisms Hive uses to compromise its victims’ networks. Once your device is compromised, Hive places a ransom note that threatens to publish the victim’s data on ‘HiveLeaks’, a TOR website, that is unless you pay the ransomware settlement.
3. LockBit 2.0
LockBit 2.0 group, also known as the ABCD ransomware group, is a new ransomware in a long line of extortion attacks. The group operates as an RaaS model and appoints affiliates and company insiders to carry out their cyber intrusions. Lockbit 2.0 can identify and collect an infected device’s hostname, host configuration, domain information, local drive configuration, remote shares and even mounted external storage devices.
Attacks under the LockBit pseudonym date back to September 2019, when it was dubbed the “.abcd virus”, referencing the extension of the encrypted files. They targeted organizations in the United States, China, India, Indonesia, Ukraine, Mexico, Belgium, Argentina and many more. LockBit 2.0 affected over 52 victims and counting during its run in the aforementioned countries. In late 2021, Lockbit 2.0 actually targeted IT consultancy giant Accenture and compromised several of its clients. Attackers reportedly demanded a $50 million ransom in exchange for the decryption key to over 6TB of data that was breached.
Your best bet to avoid these threats — and avoid having to pay a ransomware settlements — is to learn more about their functioning and research who their targets are. If your organization happens to be in their sight, make sure to invest adequately in security infrastructure. Keep your systems secure and prevent a ransomware attack before you have to rely on backups.
Recent trends reflect a surge in ransomware attacks. Given its usage as a service, it has led to attacks being orchestrated by affiliates. Governments and organizations are finally starting to gear up and disrupt these emerging ransomware threats.