DUBLIN, April 27, 2022 /PRNewswire/ — With Russia’s continuing invasion and aggression in Ukraine dragging on, additional concerns over cyber security and potential attacks from Russian-backed threat actors have arisen and remain high. As Russian malware attacks continue to rise, Cyclonis Limited and its research partners are closely monitoring the developing situation and have compiled effective ways to help you protect yourself from attacks.
US authorities have issued several joint security alerts, coming from the FBI, CISA and NSA, warning of the increased risk of cyberattacks originating from Russian-backed threat actors, including state-sponsored ones. The increasing popularity and accessibility of ransomware toolkits and ransomware-as-a-service have resulted in an explosion of ransomware attacks.
To learn more about the ongoing cyber attacks against Ukraine, visit https://www.cyclonis.com/cyber-war-ukraine-russia-flares-up-invasion-continues/.
The Russian invasion of Ukraine has led to unexpected shifts across the ransomware landscape. For example, the infamous Conti ransomware gang suffered significant data leaks after declaring its support for the invasion of Ukraine. Around the same time, the criminal outfit operating the Raccoon Stealer malware announced a suspension of operations, as one of the hacking gang’s core members died due to the war in Ukraine.
As Concerns About Ukraine Mount, Cybersecurity Experts & Governments Issue Ransomware Alerts
In spite of these shifts, Conti, LockBit 2.0, and other ransomware groups are expected to continue operations. Due to mounting concerns over the Ukrainian situation, cybersecurity experts and governments have issued cybersecurity alerts warning all organizations to be on high alert for potentially crippling cyber attacks. Ransomware, data-wipers, info-stealers, Distributed Denial of Service (DDoS) botnets, and other malware infections described below are expected to surge.
Conti is a Russian-backed ransomware threat actor responsible for multiple attacks on critical infrastructure systems. Conti ransomware has been active since 2020. It uses the AES-256 algorithm to corrupt critical files and demands payment to unlock the victim’s files. At the time of this writing, the ransomware gang has claimed to have compromised more than 50 organizations, including Ireland’s Health Services and Oiltanking Deutschland GmbH, a major German oil storage company.
LockBit 2.0 is a ransomware-as-a-service threat actor known for attacking large corporations such as Accenture and Bridgestone. It targets Windows and Linux servers by exploiting vulnerabilities in VMware’s ESXi virtual machines. LockBit uses multiple methods to exfiltrate sensitive data and corrupts critical files. LockBit generally leaves instructions on the compromised system detailing how a ransom can be paid to restore the destroyed data. According to researchers at Trend Micro, in the second half of 2021 the United States was the country most affected by LockBit 2.0.
Karakurt is an advanced persistent threat actor focused on data exfiltration and extortion that is closely tied to other dangerous cybercrime outfits. In many cases, Karakurt and Conti ransomware infections have been found to overlap on the same systems. Researchers have also observed cryptocurrency transactions between wallets associated with the two groups. Even if you pay Karakurt’s ransom demands, you may still fall victim to Conti and other affiliated threat actors in the very near future.
How to Protect Yourself Against Ransomware Attacks
The attacks described above are not limited to companies and government agencies. It is important to remember that many ransomware attacks target individual users and consumers worldwide. Users can follow these guidelines to help prevent ransomware and malware attacks and increase online security:
About Cyclonis Limited
An Irish company headquartered in Dublin, Cyclonis Limited designs and develops desktop, mobile, and cloud-enabled software products focused on simplifying data organization and management. Our applications aim to streamline the process of organizing the increasing volumes of information regular computer users deal with every day.
SOURCE Cyclonis Limited