
"Mere data exfiltration is no longer a lucrative approach for ransomware groups, and threat actors may increasingly rely on encryption to regain leverage, Coveware notes in a new report. Following a series of highly successful data-exfiltration-only attacks conducted by known groups such as Cl0p, other ransomware groups adopted the trend, stealing victims' data without encrypting it. The campaigns targeting MOVEit, Cleo, and Oracle E-Business Suite (EBS) customers are proof that the approach no longer delivers return on investment, Coveware says."
"Cl0p, it explains, started this trend with a simple strategy: it acquired an exploit for a zero-day vulnerability in a popular enterprise file transfer or data storage product, hacked as many instances as possible for data exfiltration, and extorted each compromised entity into paying a ransom. In 2021, the group likely made tens of millions of dollars using this tactic in the Accellion campaign, when over 25% of the impacted organizations likely paid a ransom."
Pure data-exfiltration ransomware campaigns initially produced substantial returns when threat actors exploited zero-day vulnerabilities in enterprise file-transfer and storage products to steal data and extort victims. Early incidents generated high payment rates, with some campaigns yielding tens of millions of dollars and over 20% of impacted organizations paying ransoms. Subsequent breaches showed steep declines in victim payments, with rates dropping below 2.5%, or to almost none, in several incidents. Organizations are increasingly aware that paying does not erase legal consequences or guarantee suppression of leaked data. As the profitability of exfiltration-only tactics falls, threat actors may return to encrypting data to restore leverage.
Read at SecurityWeek