Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets
As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets.
“Ransomware operators often buy access from independent cybercriminal groups who infiltrate major targets and then sell access to the ransomware actors for a slice of the ill-gotten gains,” researchers from Proofpoint said in a write-up shared with The Hacker News.
“Cybercriminal threat groups already distributing banking malware or other trojans may also become part of a ransomware affiliate network.”
The email and cloud security firm said it is currently tracking at least 10 different threat actors who, besides angling for a piece of the illegal profits, play the role of “initial access facilitators” to supply affiliates and other cybercrime groups with an entry point to deploy data theft and encryption operations.
Attacks that rely on email messages to directly distribute ransomware in the form of malicious attachments or embedded hyperlinks remain a threat, albeit at lower volumes. Proofpoint noted that it identified 54 ransomware campaigns distributing a little over one million messages over the past year.
“Short dwell times, high payouts, and collaboration across cybercriminal ecosystems have led to a perfect storm of cybercrime that the world’s governments are taking seriously,” the researchers concluded. “It is possible with new disruptive efforts focused on the threat and growing investments in cyber defense across supply chains, ransomware attacks will decrease in frequency and efficacy.”