According to a NordLocker report, the UK suffers the third highest rate of ransomware attacks in the world. By evaluating a combination of the organisation’s likelihood of paying up and the strength of their cyber security resources, cybercriminals choose their best targets.
But, what makes ransomware so difficult to address is the continual addition of strains to the cybercriminal network. Whilst some ransomware operations are shut down and some cybercriminals are unmasked and arrested, many multiply, merge or reappear with a new identity.
We’ve researched the most recent new ransomware strains, including “Bl00dy” and “Royal Ransomware”, to keep you informed of the latest cyber tactics and what to look out for.
The Bl00dy ransomware gang began operating around May 2022 and have since targeted organisations using double extortion techniques. However, rather than using the traditional data leak site for publishing stolen data, they use a Telegram channel. Here they share information and updates on their latest activities, warning victims that they will publish stolen data if organisations don’t pay up.
Security researchers claimed that Bl00dy have just started using a leaked LockBit ransomware builder in their attacks, which was shared on Twitter after the LockBit operater had a fallout with the developer. It’s no surprise that this leaked builder swiftly made it into the hands of more ransomware gangs since it allows anyone to build a fully functional encryptor and decryption tool and is easily customizable for different ransom notes.
This could mean that the Bl00dy ransomware gang could truly be anyone, even more amateur cybercriminals who have taken advantage of the builder leak to get ahead in the game. Some, however, have suspicions that Bl00dy is merely a side project of Conti – a notorious strain that has been around since 2020 – due to a code overlap. At the moment, there is no full evidence.
The top industries said to be targeted by the Bl00dy ransomware gang are Consumer Goods at 33.3%, followed by Professional Services and Healthcare, although there are currently only 6 known victims, so there is no clear pattern as of yet – all industries must stay cautious.
The Royal Ransomware gang launched in January 2022 – a few months before Bl00dy – but they’ve recently ramped up their operations and are definitely one to look out for, especially with their ransom demands ranging from £250,000 to a whopping £2 million.
Whilst Ransomware-as-a-Service (RaaS) has taken the spotlight for a while, Royal Ransomware are alternatively a private group with no such affiliates. They began their operations using others’ encryptors, such as Black Cat, before using their own – the first of which was Zeon. It was only in the middle of September 2022 that they rebranded to Royal.
Whilst Royal Ransomware have mostly been lurking in the shadows, as of recent there is a lot of coverage on their social engineering tactics, in particular their callback phishing attacks. These involve contacting users about subscription renewals, persuading the victim to call a false number in order to cancel it, and encouraging them to install a remote access software, which allows the hacker to gain access to their network. Data is clearly encrypted and stolen as part of this process, but there is still no Royal data leak site as of yet – but this is, perhaps, in the making.
Organisations must stay vigilant as Royal are likely to become one of the most significant enterprise-targeting ransomware operations over the coming months.
New ransomware strains make the news sometimes as often as every month, so staying up to date with the latest cyber security news is important so you know what techniques to look out for to keep your organisation safe.
Read our blog post here for insight into what company data could be most at risk of ransomware and what data cyber attackers focus on.
And don’t forget to reach out if you have questions or would like to discuss.
Call us directly and we’ll put you in touch with the most relevant cyber expert.
Not currently free to call? Give us a brief description of what you’re looking for by filling out our form and we’ll email you as soon as we can.