Ransomware Groups Seek Fresh Tactics Following Hive Takedown

Social Engineering and Decentralization Surge, Says Researcher Yelisey Bohuslavskiy
Yelisey Bohuslavskiy, chief research officer, Red Sense

Stung by the FBI's infiltration and takedown of the Hive ransomware group, other ransomware operators have been retooling their approaches to make their attacks more effective and operations tougher to disrupt, says Yelisey Bohuslavskiy, chief research officer at threat intelligence firm Red Sense.

Credit needs to go to defenders both public and private, he says, for having upped their game. In response, ransomware operations have been forced to find replacements for tools and strategies they previously relied on, including botnets, Cobalt Strike beacons and dedicated blogs for naming victims and dumping stolen data.

"Groups that are operating now, they're going away from this blog-centric infrastructure," Bohuslavskiy says. "Some of them, like Karakurt for instance, or Silent Ransom Group, they're not even using blogs for extortion. They communicate with their victims via ProtonMail, exactly in order to avoid a situation in which you have all your negotiations being taken over by the government."

In this video with Information Security Media Group, Bohuslavskiy also discusses:

  • Major "damage amplification" innovations across what he characterizes as the three modern ransomware eras - from WannaCry to REvil to the post-Conti landscape;
  • How "hacking is weaponized creativity" for cybercriminals;
  • Why ransomware groups are ready to embrace social engineering and business email compromise attacks.

Bohuslavskiy is chief research officer and a partner at Red Sense. He previously served as co-founder and head of research and development at threat intelligence firm Advanced Intelligence. He has also worked in other roles including cyberthreat intelligence analyst at Flashpoint and due diligence researcher at Kroll.


About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



