While email attachments were the most common vector for ransomware delivery in 2021, the report by Palo Alto Networks found that the delivery method clearly shifted to URLs in the last year, which accounted for 75.5% of the registered cases.

Within this category, the main entry vector for infections has been third-party applications, in 8.2% of the attempts identified by the company in 2022.

By contrast, and unlike the previous year, email and its attachments, that is, delivery through the SMTP, POP3 and IMAP protocols, were used in only 12% of cases during this period.

Using a large random sample, including 7,000 out of 27,000 unique URLs, Palo Alto Networks researchers have tracked and analyzed addresses and hostnames hosting ransomware and identified some of the tricks implemented to hide the attacks.

Criminal gangs have rotated different URLs and hostnames to host the same ransomware, or have used the same URL to deliver different variants of ransomware and even other types of malware, such as cleaners, stealers or loaders, experts explain. Another pattern detected is that Raccoon Stealer and Smoke Loader are occasionally used as the first step in a ransomware attack.

This URL rotation for ransomware delivery is believed to be a way to bypass the block lists that search engines compile of suspicious or dangerous addresses.
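Rotation of this kind defeats lists keyed on a URL or hostname, but it shows up when download telemetry is grouped by payload hash. The following is an added example, not code from the Palo Alto Networks report; the event format, function names and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample of download telemetry: (url, payload hash).
# Hosts are reserved example domains; hashes are placeholders, not real IoCs.
SAMPLE_EVENTS = [
    ("http://files.example.com/a/setup.exe", "hashA"),
    ("http://cdn.example.net/x/setup.exe", "hashA"),
    ("http://mirror.example.org/dl/update.exe", "hashA"),
    ("http://files.example.com/a/setup.exe", "hashB"),
    ("http://files.example.com/a/setup.exe", "hashC"),
    ("http://static.example.org/logo.png", "hashD"),
]

def find_rotation(events, min_hosts=2, min_payloads=2):
    """Return (rotated_payloads, multi_payload_urls).

    rotated_payloads: hash -> sorted hostnames, for payloads served from
        at least min_hosts distinct hostnames (URL/hostname rotation).
    multi_payload_urls: url -> sorted hashes, for URLs that served at
        least min_payloads distinct payloads (one URL, several variants).
    """
    hosts_by_hash = defaultdict(set)
    hashes_by_url = defaultdict(set)
    for url, digest in events:
        host = (urlsplit(url).hostname or "").lower()
        if not host:
            continue  # skip malformed entries instead of grouping them together
        hosts_by_hash[digest].add(host)
        hashes_by_url[url].add(digest)
    rotated = {h: sorted(v) for h, v in hosts_by_hash.items() if len(v) >= min_hosts}
    multi = {u: sorted(v) for u, v in hashes_by_url.items() if len(v) >= min_payloads}
    return rotated, multi

def blocklist_coverage(events, blocked_hosts, digest):
    """Fraction of deliveries of `digest` that a hostname block list would stop."""
    hosts = [urlsplit(u).hostname for u, d in events if d == digest]
    if not hosts:
        return 0.0
    return sum(h in blocked_hosts for h in hosts) / len(hosts)

if __name__ == "__main__":
    rotated, multi = find_rotation(SAMPLE_EVENTS)
    print("payloads seen on several hosts:", rotated)
    print("URLs serving several payloads:", multi)
    print("coverage:", blocklist_coverage(SAMPLE_EVENTS, {"files.example.com"}, "hashA"))
```

In the sample, blocking one hostname stops only a third of the deliveries of the rotated payload, while the hash pivot links all three hosts.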

Another strategy of ransomware gangs is to use popular public hosting, social networking and media sharing services, as well as long-lived benign domains that they have managed to compromise. Palo Alto Networks cautioned that these URLs are likely to slip through the cracks of many URL blocking services because they are associated with legitimate businesses.

Let’s remember that ransomware is extortion software, which can lock down computers, networks and entire systems until a ransom is paid to unlock them. These sums of money are often requested in cryptocurrency to make it more difficult to track where the payment is going.

Another recent investigation by the company has revealed that the average ransom payment has grown by 71% in 2022 and is approaching the record mark of 900,000 euros. And these figures do not account for additional costs incurred by victims, remediation expenses, downtime, reputational damage, and other damages.

The situation becomes more worrying when looking at the numbers in perspective with previous years. The average ransom payment in cases worked by Palo Alto consultants in 2020 was approximately €270,000, while in 2016 it was less than €500.

In addition, the pressure is heightened by the “double extortion” technique, which threatens affected organizations not only with losing access to files but also with posting the stolen information on the dark web, identifying the victims and sharing alleged snippets of sensitive data stolen from their networks.
