A number of ransomware attacks in the past week have impacted healthcare, hundreds of thousands of parcel deliveries during the pandemic, and even a lingerie maker. Attackers threaten to reveal confidential data if companies fail to make the demanded payments.
ITNews reported that the Australian logistics giant Toll Group suffered its second ransomware attack this year, this time involving a type of ransomware called “Nefilim”.
The Toll Group shut down its computer systems after discovering “unusual activity”. The company, which is responsible for delivering hundreds of thousands of parcels a day, confirmed that the Nefilim ransomware attack had nothing to do with the one it experienced earlier this year.
The Toll Group is taking a tough line and assuring the media that it will not pay the ransom, as with the first attack in early 2020. Manual processes are underway to get the system going again.
Threat to reveal “secret” information
Sky News reported that MAS Holdings, the Sri Lanka-based lingerie producer for Beyonce and Victoria's Secret, was also attacked, with the latest information indicating that the blackmail attempt was also made by Nefilim.
And on April 29, Cointelegraph reported a ransomware attack on the Parkview Medical Center in Colorado that shut down the technical infrastructure and rendered patient information inoperable.
The growing trend of ransomware
Brett Callow, a threat analyst at Emsisoft, spoke to Cointelegraph about the attack:
“Filtering data provides cybercrime groups with an added benefit to blackmail payments and adds additional monetization options. If the company doesn’t pay, the stolen data can be sold, exchanged, or used for spear phishing attacks on other organizations. Actually, actors can do this regardless of whether the company pays or not.”
According to Callow, the analysis showed that there is clear evidence that the data stolen in these attacks was sold to the target companies’ competitors, marketed on the dark web, and used for spear phishing and identity theft.
Cyber criminals leaked data as evidence of an attack
Cyber criminals said they obtained 300 GB of private files from MAS Holdings, and as evidence, some of the stolen documents have already been published online.
Callow believes that this type of ransomware shows a “growing trend” in the cybercrime world:
“The first group to steal and publish data was Maze at the end of last year. Since then, many other groups have adopted the same strategy, so this strategy obviously works. In one case, the Maze group asked for $2 million: 1 million to decrypt the data plus 1 million to destroy the stolen copy. The amount of demand varies from victim to victim and case by case.”
However, Emsisoft saw a significant drop in successful ransomware attacks, at least in the United States, in the first quarter of 2020.