Cyber gangs switch to big game as they look to maximise ransoms

There are new warnings that cybercriminals have changed their approach and are now pursuing a new campaign of “big game hunting”.

Cyber risk solution company Resilience has warned that ransomware is entering a new era, as cybercriminals have begun shifting their tactics to bypass security controls by hitting critical vendors and seeking larger targets for extortion, according to its Midyear 2023 Claims Report.

It said notably there has been an increase in targeting firms able to pay larger ransoms, as seen with the recent MGM Resorts hack, along with MOVEit, the latter of which compromised UK companies, potentially including the BBC, Boots, British Airways, and Ofcom.

Furthermore, the report found that encryption-less extortion, as used during the MOVEit hack, is now the top approach by hackers, with third-party hacks now the leading cause of claims.

Resilience also found that only 15% of its client base elected to pay a ransom in the first half of 2023, well below the global average of 39.5%.

Among its other findings:

  • Cybercriminals are returning to “big-game hunting.” Attackers are focusing on bigger targets, particularly those organizations with sensitive data that are able to pay larger ransom demands. Two recent examples are MGM Resorts and Caesars Entertainment.
  • Third-party vendors become the lead point of failure. Vendor cyber risk has overtaken phishing attacks as the leading point of failure in cybersecurity. Resilience data shows third-party vendor incidents account for 28.9% of its clients’ all-time claims, ahead of phishing at 23.1%.
  • Traditional ransomware expanding to encryption-less extortion. Threat actors are expanding on previous tactics in which they encrypted data and offered decryption keys in exchange for ransoms. Now, Resilience is seeing an increase in encryption-less data exfiltration attacks that threaten to publish sensitive material unless the criminals’ extortion demands are met.

“While Ransomware remains a top concern for our clients, with data from firms like Chainalysis showing 2023 on track to be one of the most active years on record,” said Vishaal Hariprasad, CEO & co-founder of Resilience. “However, ransomware risk can be mitigated to the point that victims can choose not to pay a ransom.

“Resilience data shows only 15% of the overall Resilience client base who experienced an extortion incident in the first half of 2023 elected to pay to resolve an incident.”

In comparison, for all ransomware attacks analysed by Coveware, the average payment rate was 39.5% in the first two quarters of this year.

Resilience added that a significant event behind the trend in encryption-less extortion was the massive hack in May 2023 of the MOVEit file transfer platform. The attack affected at least 1,000 organisations and more than 60 million individuals, whose data was stolen by a notorious ransomware and extortion gang. The gang is continuing to extort payments from victims.

“The findings of the Midyear 2023 Claims Report support the Resilience model of a holistic approach to managing risk,” it added.