All insights

Ransomware Attackers Partnering With Cybercrime Groups To Hack High-Profile Targets

A stock image of binary popping out of a computer screen

Read about how cybercrime groups are partnering with ransomware attackers to hack high-profile targets

June 16, 20212 min read

As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets.

“Ransomware operators often buy access from independent cybercriminal groups who infiltrate major targets and then sell access to the ransomware actors for a slice of the ill-gotten gains,” researchers from Proofpoint said in a write-up shared with The Hacker News.

“Cybercriminal threat groups already distributing banking malware or other trojans may also become part of a ransomware affiliate network.”

Besides angling for a piece of the illegal profits, the email and cloud security firm said it is currently tracking at least 10 different threat actors who play the role of “initial access facilitators” to supply affiliates and other cybercrime groups with an entry point to deploy data theft and encryption operations.

Initial access brokers are known to infiltrate the networks via first-stage malware payloads such as The Trick, Dridex, Qbot, IcedID, BazaLoader, or Buer Loader, with most campaigns detected in the first half of 2021 leveraging banking trojans as ransomware loaders.

Read more at The Hacker News

Continue reading

More perspectives

View the archive

Put insight to work

Bring the right security expertise to the next decision.

Tell us what your organization is facing. We will help define the practical next step.

Start a conversation