Over the past few years, the methods cybercriminals use to distribute ransomware has changed dramatically. While a few years ago, they would spread encrypted files on a large scale, today, their ransomware attacks have become more focused.
Now, fraudsters examine the target in detail and research each target, looking for additional leverage.
Infamous ransomware gangs behave like fully-fledged online service providers, using traditional marketing techniques. And according to Kaspersky, Internet users can see five clear examples of this transformation by looking at Darkside ransomware gang:
1. Darkside actively establishes contact with the press
On their website, there’s a semblance of a press centre set up to enable journalists to ask questions and receive first-hand information and learn about upcoming publications of stolen information in advance. In fact, DarkSide operators strive to get as much resonance in the networks as possible.
2. Ransomware groups collaborate with decryption companies
This is evident because many state-owned companies are prohibited from entering negotiations with cybercriminals. This has created a demand for such intermediaries, who provide legitimate data decryption services.
3. Darkside claims to donate part of their income to charity
Thus, they show those who do not want to finance crime, that some of their money will go to a good cause. However, some charities are prohibited from accepting illicit money, and such payments would be frozen.
4. The cybercriminals now carefully analyse stolen data and the market
Before publishing information, they study the contacts of the company and identify well-known customers, partners and competitors. Kaspersky experts state that the main purpose of this is to maximise target damage, to intimidate victims and to increase the chances of getting a ransom.
5. The Darkside ransomware gang now has its own code of ethics, just like real enterprises do
They claim to never attack medical companies, funeral services, educational institutions, non-profit organisations, or government companies.
“We’ve witnessed a massive transformation in how ransomware gangs play in the market nowadays. The only reason for this shift is their immense profit. Today, cybercriminals have more funds than ever before, which they can invest in market analysis, and work with partners, journalists, and charities. To defeat them, we need to cut off their financial flows, and namely, to stop paying ransoms,” says Roman Dedenok, Kaspersky Security Expert.
