Kaspersky has published a new report stating that ransomware has made a strong comeback. This type of malware can do great damage: it infects major systems with a program capable of encrypting all files. Then a message arrives for the victim to pay an amount in cryptocurrency to the hackers to unlock the possibility to access the files. In some cases, hackers open access to the data, but in others nothing happens despite the payment.
According to Kaspersky , several major trends are emerging in 2022. The first is that hackers are now coding their own malware simultaneously for multiple operating systems and platforms. It is enough to cause very significant damage to a business - because the program can infect many systems at the same time. One of the most dangerous examples of this is ransomware produced by the Conti hacker group , distributed as SaaS (Software as a Service) on the dark web, capable of infecting both Linux and Windows machines .
2022 is actually the year of the ransom
But this is not the only trend in the industry. Hacker groups tend to rename their programs faster to evade monitoring by the authorities. Hackers also put the package to update the data-mining modules built into their malware — and many ransomware sold on the dark web as SaaS already have entire hacking suites, with potentially massive effects on target devices. An example is Lockbit Group which publishes and markets toolkits by promising regular updates.
Kaspersky notes that the war in Ukraine is pushing groups of cybercriminals to choose one side, which tends to increase the number of mutual attacks. A new ransomware variant called Freud has also been discovered and according to Kaspersky (based in Russia) the work of pro-Ukrainian hackers. Freud doesn't even try to encrypt files. Instead, it irreversibly deletes everything it finds on the target devices.
One of the leading security researchers at Kaspersky explains:
If you could say last year the number of ransomware was widespread, this year 2022 is even more so. Although major ransomware groups were forced to quit last year, new groups have emerged with new technologies. As ransomware threats evolve and spread, both technologically and geographically, they become more predictable, helping us to better detect and combat them.
To protect against ransomware, there is no such thing as a good antivirus.