One of the recurring themes in these CISO newsletter updates is that hackers are not lone wolves, but instead are often affiliated with and supported by well-organized gangs or state actors. So, a recent New York State Intelligence Center Bulletin about how “Ransomware groups continue to innovate and find new ways to monetize their illegal activity” seemed like it was worth discussing.

The bulletin made points that were amazing and scary at the same time. Because organizations are doing a better job of defending themselves against ransomware by having good backups of data, ransomware groups are expanding how they use their access to victims’ networks and data once they’ve broken in to further monetize their efforts. These include:

Setting up public websites to describe the status of various attacks that are in progress to recruit hackers to join their gang and to advertise their malware-as-a-service offerings.
Naming victims and showing countdown clocks to shame victims into paying ransom.
Reselling their backdoor access into victims’ networks to other hacking groups. By the way, on some of these websites, victims are referred to as “clients.”
Offering special limited time discounted prices for access into government agencies. See the screenshot below from the website of the Everest ransom team.

What can you do?

In these updates we typically try to provide specific actions you can take to protect yourself. This particular update doesn’t lend itself to that. But, since the 2021 Verizon Business 2021 Data Breach Investigations Report reveals that 94% of successful breaches start with email, we’ll leave you with 2 of our 4 Don’ts of Cybersafety:

Don’t assume that unsolicited email is harmless
Don’t open unexpected emails, and especially the links or attachments they contain

Remember that cyber attackers are trained professional criminals with lots of skill and resources. They are very good at tricking or pressuring “clients” into doing something that will lead to a major incident.