Families we don't like

Welcome to the new 85 cyber warriors who joined us last week. 🥳 Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA23 keynote stage.

Keep up with our weekly newsletters on LinkedIn, Subscribe here.

This week we’re focused on…📣

Ransomware families. Specifically, the ones that are causing the most problems in 2023.

On the blog, we wrote about Akira – a new family of ransomware that’s claimed several successful attacks since March this year.

But Akira isn’t the only family on the block. So which other ransomware groups should you be aware of right now? 💭

Among the most prolific ransomware families this year are LockBit, 8Base, and Clop.

LockBit 🔒

First detected in September 2019, LockBit ransomware blocks user access to computer systems – demanding a ransom payment to regain access. The malicious software automatically identifies viable and valuable targets, and once the infection has entered a network it can encrypt all accessible computer systems.

This has huge implications for businesses and government organisations.

LockBit attackers have threatened victims with several different consequences if they don’t comply with ransom demands – including operations disruption, extortion, and the illegal publication of stolen data.

And it’s particularly effective because it’s both self-spreading (it doesn’t need manual direction to encrypt computers on a network) and targeted – instead of attacking every organisation it comes across and seeing what sticks, it specifically targets organisations where it can have a serious impact.

8Base 🖧

This one’s pretty new on the scene – first hitting victims in March 2022. It had a major spike in activity in Q2 2023. 8Base pairs encryption with a name-and-shame strategy to push victims to pay a ransom – and its pattern of attack appears to be opportunistic, with no specific industry or victim profile standing out as a key target.

As well as being prolific, 8Base is very mysterious – with little clarity among cybersecurity professionals about its methods and motivations, in spite of a high number of attacks.

An analysis published on vmware’s security blog in June suggested that the speed and efficiency of 8Base operations meant it was unlikely to be a completely new group – and was probably a continuation of a more established criminal organisation. A month later, PC Risk confirmed that 8Base belongs to the Phobos ransomware family, which was first discovered in 2018.

Clop 💰

Thought to be based in Russia, this group has been in the news a lot lately. Clop has started releasing victim data on websites that are specifically created for that victim – which makes it easier to leak stolen data, and puts more intense pressure on victims to pay a ransom.

Clop recently targeted around 100 high-profile organisations – including the BBC, British Airways (BA), and Boots in the UK – in a hack that exploited a vulnerability in a file transfer app called MOVEit. Clop issued a notice on the dark web, warning all affected firms that their stolen data would be published if they didn’t email Clop by 14 June.

It’s now estimated that Clop will earn up to USD $100 million from the MOVEit attack.

So you see why we don’t love them 😤

It’s never nice to gossip about families you don’t like. But when it comes to ransomware groups, please gossip as much as you like – because the more information we share, the easier it is to mitigate risk.

Has your organisation been affected by any of these ransomware groups?

1. YES 😰 vote

2. NO 🥳 vote

Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 09 August 2023.

Catch you next week,
Steve Durning
Exhibition Director

P.S. - Mark your calendars for the return of Black Hat MEA from 📅 14 - 16 November 2023. Want to be a part of the action?