Organizations warned of ransomware risk from smaller operators

They may not have the financial muscle, but small-time cyber crooks can cause havoc for critical systems

The risk from small-scale ransomware cyber criminals is not to be underestimated, according to new research by McAfee.

Thibault Seret, a security researcher on the McAfee Advanced Threat Research team, said that while big ransomware attacks make the headlines, there are many smaller actors without access to the latest ransomware samples. 

These small-time hackers are “getting creative and looking out for the latest malware and builder leaks”, and “they can be just as devastating to their victims.”

Seret said that away from the gaze of researchers who typically focus on the larger ransomware groups, many individuals and smaller groups are “toiling in the background, attempting to evolve their own operations any way they can.”

He said one small-scale threat actor has evolved from deploying homemade ransomware to using major ransomware. They made the transition by leveraging publicly leaked builders to create their versions of Babuk and Chaos.  

Seret said there are two distinct types of cyber criminals taking advantage of leaks such as this. One less tech-savvy group merely copied and pasted the builder, substituting the Bitcoin address in the ransom note with their own. The second group has gone further, using the source material to iterate their versions of Babuk, complete with additional features and new packers.

Seret’s team followed one small-scale hacker and noted how they moved from simplistic ransomware and demands in the hundreds of dollars to toying with at least two builder leaks and ransom amounts in the thousands of dollars.

“While their activity to date suggests a low level of technical skill, the profits of their cyber crime may well prove large enough for them to make another level jump in the future,” he said.

“Even if they stick with copy-pasting builders and crafting ‘stagers’, they will have the means at their disposal to create an efficient attack chain with which to compromise a company, extort money and improve their income to the point of becoming a bigger fish in a small pond, just like the larger RaaS crews.”

John Fokker, head of Cyber Investigations for McAfee Enterprise's Advanced Threat Research team, told IT Pro that even though REvil accounted for 73% of ransomware detections in Q2 of 2021, cyber criminals are resourceful, and large groups are no longer the only players making a profit. 

“The threat for businesses is intensifying as smaller-scale ransomware actors build on the work of these larger groups,” he said.

Fokker added that enterprises should use this warning as an opportunity to get ahead of adversaries and figure out how they could tighten up their defenses against future attacks. 

“This could include the use of threat intelligence, which helps organizations to predict and prioritize potential threats before pre-emptively adapting their defensive countermeasures, ensuring optimized security and future business resilience,” he added.

Fokker said that organizations should also deploy a security strategy that blends zero trust and SASE approaches so enterprises can protect entry and data at every control point. 

“This approach is particularly important as opportunistic actors evolve their tactics and will help to ensure organizations have the necessary barriers to protect against attacks of any size,” he said.
