Ransomware 2.0: Cybercrime Gangs Apply APT-Style Tactics

While run-of-the-mill ransomware attacks continue, some crypto-locking malware gangs are bringing more advanced hacking skills to bear against targets, seeking maximum bang for the buck. Unfortunately, these types of attacks are more difficult both to block and to recover from, says Jake Williams, president of cybersecurity consultancy Rendition Infosec.

“The ransomware evolution is so stark at this point … We’ve actually dubbed the evolution – or revolution – of this as ransomware 2.0 because it’s so fundamentally different from what we saw a couple of years, even a couple of months ago,” Williams says in an interview with Information Security Media Group. “We’re looking at really targeted, APT-style tactics that we’re seeing these ransomware groups use.”

The use of more advanced tactics by some crime gangs against targets should come as no surprise. “Ransomware is a game of how to maximize the payout,” he says. And he expects to see more attackers pursuing more tactics for trying to force organizations to pay. That includes, for example, more frequently crypto-locking victims’ network-attached storage devices.

In this interview (see audio link below the image) recorded at the recent Black Hat Europe 2019 conference, Williams also discusses:

  • How hackers are “surgically targeting backup solutions” before deploying ransomware;
  • Cybercriminals’ increased propensity to rent botnets – such as Emotet – to distribute crypto-locking malware;
  • Why ransomware remains “an amazingly effective anti-forensics tool” that sometimes gets used by APT attackers running “one of those messier, smash-and-grab kind of operations.”

Williams is the president and founder of Rendition Infosec, a cybersecurity consultancy and incident response firm based in Augusta, Georgia. The computer science and information security expert is a U.S. Army veteran and a former network exploitation operator with the U.S. Department of Defense, where he earned the designation of “Master CNE [Computer Network Exploitation] Operator.”
