Hackers have a new way of forcing ransomware payments

Bad actors are getting craftier with their ransomware attacks: they are now targeting backup storage to force organizations to pay a ransom, according to the software company Veeam.

In the event of a ransomware attack, companies typically have two options: pay the ransom and hope that their data can be restored through a decryptor sent by the bad actors, or ignore the ransom demands and restore their data from a backup, TechRadar reports.

However, in its 2023 Ransomware Trends Report, Veeam found that ransomware hackers are going straight to the backup options to force companies to give in to ransom demands.

According to the company’s research that looked at 1,200 organizations that were victims of nearly 3,000 cyberattacks, Veeam claims that 93% of cases saw bad actors attempt to access backups during attacks. They were able to access backups, even partially, in 75% of those cases, while in 39% of cases, companies lost all of their backup data.

Experts at Veeam note that the best practice for organizations to protect against ransomware attacks is to have strong security measures for both original data and backups. The company recommends frequent, automated cyber-detection scans for backups, auto-verification for backup restoration, and using immutable sources, such as immutable clouds and immutable disks, as backup options to guard against data being deleted or corrupted.

While many organizations typically do pay the ransom when their data is compromised, this does not guarantee a recovery of data. Of the 80% of organizations that paid ransom demands, 59% were able to recover their data, while 21% were not, according to Veeam.

Ransom payments are up 4% year-on-year, while organizations' use of a backup option is down 19% year-on-year.

Ransomware attacks are becoming so lucrative that the notorious cybercriminal gang LockBit has set its sights on targeting macOS and Mac computers as of April. The never-before-seen ransomware might be a first for LockBit, as the gang typically develops on Windows, Linux, and virtual host machines.

The Mac-specific ransomware seems to target Apple Silicon Macs and is listed on the web under the build name locker_Apple_M1_64, according to the security research group MalwareHunterTeam.

The group notes that now that news of the ransomware is out in the open, Macs might be more susceptible to cyberattacks.

LockBit is known as a ransomware-as-a-service (RaaS) operation that allows others to purchase its nefarious products for their own unsavory tasks.

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…