In recent times, the landscape of ransomware attacks has evolved, with threat actors altering their strategies. The common practice of encrypting databases and demanding ransoms has given way to a more nuanced approach. As cyber criminals have started adopting a new tactic known as “encryption-less” ransomware attacks.
Previously, adversaries employed double extortion tactics, stealing a portion of data from a database and then encrypting the entire repository, demanding payment in exchange for decryption keys. To amplify the pressure, they also threatened to leak sensitive information onto the dark web if the ransom was not paid promptly.
However, a notable shift has emerged in the way ransomware attackers operate. Instead of causing extensive disruption, they now seek to minimize the impact on their victims. They have introduced a novel approach—establishing a contact point in the form of a 24×7 customer service channel. Through this channel, victims can engage with the hackers’ support representatives to negotiate and facilitate the decryption of their compromised databases.
This model resembles a “software as a service” framework, where hackers interact with victims through customer service representatives. Beyond the surface level, this strategy conceals an additional motive. By minimizing downtime for victims, the attackers ensure that fewer incidents are reported to the media, law enforcement, and data protection agencies. This cloak of secrecy grants cybercriminals an extended window of operation and reduces the overall impact on victims.
According to a survey conducted by CrowdStrike, extortion attacks experienced a 20% increase in the preceding year, specifically in 2022. Intriguingly, these attacks involved stealing information without encrypting databases.
Another survey conducted by Cisco Talos between January and July of 2023 revealed a further 25% rise in encryption-less extortion attacks.
In these instances, criminals threaten victims with exposure of stolen data unless a payment is made. This approach benefits both parties involved, as victims are required to pay a comparatively smaller sum, and cyber-criminals circumvent the challenges posed by modern threat monitoring solutions. This move toward encryption-less tactics has enabled criminals to derive financial gains from their activities.
The question that arises is whether this shift in ransomware tactics is a lasting transformation or merely a temporary phase. The answer to this question can only be discerned over time. Future developments, which remain uncertain, will ultimately dictate the persistence or transience of this evolution.
In the present moment, it is evident that ransomware attackers have pivoted their methods. Encryption-less data extortion attacks have been showcased in recent incidents, such as the MoveIT cyber attack orchestrated by the CLOP ransomware gang. The dynamic nature of cyber threats makes it challenging to predict with certainty whether this trend will endure or fade away. Time will reveal the trajectory of this cybersecurity landscape.