Europol: Ransomware Gangs Focusing on High Profile Targets

Ransomware gangs have increasingly focused on high-profile targets like large corporations and government institutions in the past year, according to Europol’s Internet Organised Crime Threat Assessment (IOCTA) 2021.

The report, which offers insights into current cybercrime trends in Europe, revealed that ransomware actors have taken advantage of widespread homeworking to launch more sophisticated and targeted attacks.

The law enforcement agency also highlighted the growing use of multi-layered extortion methods to extort service providers, financial institutions and businesses, such as DDoS attacks.

Additionally, they observed that cyber-criminals have increasingly recognized the potential to attack a large number of organizations via supply chain attacks, often targeting the ‘weakest link.’ The Kaseya and SolarWinds incidents are prominent examples of this trend.  

Another concerning finding in the report was an “alarming” rise in self-produced explicit material of children online. This has been driven by increased unsupervised internet use by children in the pandemic. The authors said children were frequently lured into producing and sharing explicit material of themselves by offenders using fake identities on gaming platforms and social media sites. Additionally, some offenders recorded or captured victims performing live-streamed sexual acts for them without the victims’ knowledge.

Other notable trends in the past year included fraudsters continuing to leverage the COVID-19 crisis and increased online shopping to scam victims. There has also been an evolution in mobile malware, with cyber-criminals trying to find ways to circumvent additional security measures such as two-factor authentication, according to the report.

Catherine De Bolle, executive director at Europol, lauded recent law enforcement successes in disrupting cyber-criminal gangs and emphasized the importance of such operations in stemming the scourge of attacks. “Worldwide operations, such as the successful takedown of EMOTET botnet, have demonstrated the effectiveness of international cooperation. Ransomware groups have attempted to disrupt critical infrastructures, such as service providers and government institutions, to increase their profits with no concern for the possible damages such interceptions may cause to public safety and security. To this, the collective response of our international law enforcement community is clear: the authorities and the private sector worldwide stand strong and ready to mitigate together any threat that blackmails the stability of our societies,” she stated.

Commenting on the findings, Chris Waynforth, AVP Northern Europe at Imperva, said: “This is further evidence of how much of a threat ransom attacks pose to businesses, including those that go beyond ransomware. Our research has seen a surge in ransom-focused DDoS attacks, partly because they can be even easier to carry out than ransomware attacks. It’s no coincidence that the number of DDoS attacks has quadrupled in the last year. Using rapid-fire attacks, averaging just six minutes, cyber-criminals demonstrate their capabilities to businesses before sending an extortion demand, threatening much larger attacks if payments aren’t made.

“Hackers are carrying out ransom attacks because they are one of the fastest ways to big profits, and their tactics go beyond just using malware. Businesses need to have proper cyber-resiliency strategies in place so that no matter what sort of ransom attack comes their way, the impact is minimized and operations can continue.”

What’s Hot on Infosecurity Magazine?