Latin America. The disappearance of ransomware groups with a track record, such as Conti and REvil, has prompted the emergence in Latin America of new and small gangs of cybercriminals, who seek to negotiate the payment of ransoms for ransomware-type attacks.
According to Akamai, these emerging groups employ specialized negotiation skills in their teams, as well as research on the most important points for a company and how to attack them, "in such a way that the organization is unable to operate and forced to pay the ransom."
The company also assures that the rapid increase of the Ransomware as a Service (RaaS) business model in Latin America has led to the emergence of the aforementioned groups, while experiencing the decline of large cybercriminal groups. "In this region this activity already operates under new structures and profiles that mimic corporations with the aim of continuing to strengthen their criminal operations" while representing a challenge for threat intelligence analysts.
Oswaldo Palacios, Senior Account Executive for Akamai, noted that the demise of ransomware groups such as Conti and REvil have fueled the emergence of smaller gangs. In fact, in Latin America, small groups that bet on ransomware as a service are mainly focused on attacking government companies or private initiative in this region.
"RaaS groups are becoming more organized and efficient. They currently have several departments responsible for administration, finance, human resources and along with a classic organizational hierarchy with team leaders who depend on senior management. Each stage of the attack has people acting as managers and new roles are emerging, such as those of ransomware negotiators."
Akamai said a ransomware attack involved developers (20%), initial access brokers (10%), pentesting managers (10%), negotiators (10%) and affiliates (50%).
Finally, the brand ensures that Ransomware as a Service works, mainly, through four possible ways: paying a monthly subscription in exchange for using ransomware; through affiliate programs, where apart from the monthly fee a commission of the ransom benefits is also paid; through a commission-free single-use license; Or only through commissions, i.e. there is no monthly or entry fee, but ransomware developers take a commission for each successful attack and ransom received. Hence, in this ecosystem the payment of the ransom becomes relevant.
However, Akamai expert Oswaldo Palacios advised organizations not to pay for a ransomware ransom, as doing so does not guarantee the recovery of the company's information or operation.
"It will always be better to undertake a prevention strategy, micro-segmentation, for example, is becoming an increasingly important tool for IT teams facing the challenge of maintaining security policies and compliance in line with the rapid pace of change in today's dynamic data centers, cloud and hybrid cloud environments."
Leave your comment