Warning 2022 will be a “prosperous” year of ransomware-Information Technology

If last year we said that ransomware was in its infancy, this year it has reached its peak, Kaspersky warns.

Security firm Kaspersky has just issued a warning, the operation of ransomware (ransomware) has come a long way. They continued to grow and succeed despite the demise of some of the most notorious gangs. They find unusual ways to attack their victims, making their attacks more relevant.

Ransomware is constantly evolving. (Illustration)

According to Kaspersky, the first trend to note is the increasing use of cross-platform capabilities by ransomware groups. Today, they aim to corrupt as many systems as possible with the same malware by writing code that can be executed on multiple operating systems at the same time.

For instance, Conti – one of the most active ransomware groups, has developed a variant, distributed through select branches and targeted at Linux.

Or at the end of 2021, Rust and Golang – cross-platform programming languages ​​have become more popular. At that time, BlackCat – a malware gang that called itself “the next generation” had attacked more than 60 organizations since December 2021. They write malware in Rust. Golang was used in ransomware by DeadBolt.

Some files are encrypted by BlackCat malware.

Notably, throughout late 2021 and early 2022, several teams developed and deployed complete toolkits that resemble those of sane software companies. Lockbit stands out as a notable example of ransomware gang growth.

The organization boasts a range of improvements over its rivals, including regular updates and fixes to its infrastructure. They also introduced StealBIT for the first time – a custom ransomware filtering engine that allows data filtering at the highest speed ever, an indication of the team’s hard work towards increasing processes. speed up malware.

The third trend that Kaspersky experts have warned about is the result of the geopolitical situation, referring to the conflict in Ukraine that has heavily affected the ransomware scene. While such attacks are often related to APT (Advanced Persistent Threat) attacks, Kaspersky has detected several key activities on cybercrime forums and actions by ransomware groups against deal with this situation.

“Shortly after the conflict started, ransomware groups took sides, leading to politically motivated attacks by several ransomware gangs pro-Russia or Ukraine. One of the new malware discovered in the conflict is Freeud, developed by Ukraine supporters. Freeud has a wipe function. If the malware contains a list of files, instead of encryption, the malware deletes them from the system” , Kaspersky published its findings.

“If last year we said ransomware was in its infancy, this year it has already reached its peak. Although the large ransomware groups from last year were eliminated, new elements have emerged with techniques never seen before,” said Dmitry Galov, senior security researcher at Research and Analysis group. Global (GreAT) by Kaspersky commented.