Recent ransomware attacks have escalated, impacting organizations across the globe and leaving no sector untouched. A report from Trustwave SpiderLabs reveals a substantial uptick in attacks, particularly in the United States, where the financial sector, including banks and credit unions, has experienced an alarming concentration of incidents.
This year alone has seen a 64% increase in ransomware activity, up from 51% the previous year. Brazil and Canada have emerged as the second and third most targeted countries in this alarming trend.
Two notorious Russian cybercriminal groups are identified as the leading culprits: LockBit and ALPHV (also referred to as BlackCat). They have been relentless in exploiting vulnerabilities within the IT infrastructure of financial institutions, and their modus operandi aligns closely with tactics outlined in the MITRE ATT&CK framework, which provides a comprehensive overview of adversary tactics and techniques across the attack lifecycle.
Double extortion tactics have also grown more sophisticated within this criminal landscape. Recently, the BlackCat group orchestrated an elaborate scheme against Change Healthcare. While they deployed malware, another group called RansomHub threatened to expose sensitive stolen data unless a ransom of $22 million was promptly paid. The incident shed light on the increasing intersection of various cybercrime factions: investigations uncovered that both groups had penetrated the network of a subsidiary belonging to UnitedHealth. Initially, one of the groups secured a financial payout, but tensions flared when it refused to share profits, prompting the second group to solicit its share directly from the victim.
Financial institutions face heightened risk from ransomware attacks because of the extensive sensitive data they maintain, which makes them an appealing target for cybercriminals. The repercussions are severe, forcing banks and credit unions to contend with prolonged operational downtime and recovery processes. Notably, Patelco Credit Union continues to navigate the fallout from a ransomware breach, striving to recover fully from the significant disruptions it has experienced.
As cyber threats evolve, business owners must remain vigilant, adopting robust cybersecurity measures while understanding the sophisticated tactics employed by adversaries. By referencing the MITRE ATT&CK framework, organizations can better prepare themselves against these malicious actors, potentially mitigating risks associated with the initial access, persistence, and privilege escalation tactics that are commonly used in financial sector attacks.