TRENDING:

3rd Party Risk Management , Business Continuity Management / Disaster Recovery , Critical Infrastructure Security

Ransomware Evolves: Affiliates Set to Wield Greater Power

Operators Left Exposed After Overreaching, Says McAfee Enterprise’s John Fokker Mathew J. Schwartz (euroinfosec) • November 1, 2021    
John Fokker, principal engineer and head of cyber investigations for Advanced Threat Research at McAfee Enterprise

How is the ransomware ecosystem set to evolve?

See Also: Live Webinar Tomorrow | Remote Employees & the Great Resignation: How Are You Managing Insider Threats?

Since ransomware-wielding attackers overreached - in particular after DarkSide hit Colonial Pipeline this past summer - the administrators of those groups have been banned from leading cybercrime forums, says John Fokker, the principal engineer and head of cyber investigations for Advanced Threat Research at McAfee Enterprise. And that change has affected ransomware operators' ability to recruit affiliates via forums and to use their malware against victims in exchange for a cut of every ransom a victim paid.

As a result, "what we're seeing, and what we think is going to happen, is that there is going to be a power balance shift," Fokker says. As detailed in a new ​report he co-authored, McAfee Enterprise predicts that experienced affiliates will more often be calling the shots and selling access to a victim to the highest ransomware operation bidder. Unfortunately, he adds, this more decentralized approach may also make it much more difficult to track ransomware operations, not least for law enforcement agencies.

In a video interview with Information Security Media Group, Fokker discusses:

  • How and why the ransomware-attacker balance of power has been shifting to favor affiliates;
  • Attackers' ongoing use of business email compromise and CEO fraud;
  • Likely changes in extortion and data breach tactics being wielded by criminals.

Fokker is the principal engineer and head of cyber investigations for Advanced Threat Research at McAfee Enterprise. He was previously the project leader for the cybercrime threat intelligence team for the Dutch Police.

Previous
Celebrities' Data Dumped on Darknet Site After Hack
Next
Trojan Source: Invisible Vulnerabilities in Most Code

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



Around the Network

A Marketer's Competition
A Marketer's Competition
Taking a Risk-Based Approach to Cybersecurity
Taking a Risk-Based Approach to Cybersecurity
Trusting Our Global Supply Chain
Trusting Our Global Supply Chain
Preparing for Hacktivism Tied to US Supreme Court's Ruling
Preparing for Hacktivism Tied to US Supreme Court's Ruling
Lessons for Cybersecurity Leaders From Russia-Ukraine War
Lessons for Cybersecurity Leaders From Russia-Ukraine War
Tips to Improve Medical Device Vulnerability Communications
Tips to Improve Medical Device Vulnerability Communications
Podcast | Let's Talk SOC
Podcast | Let's Talk SOC
The Ransomware Files, Episode 7: Ryuk's Rampage
The Ransomware Files, Episode 7: Ryuk's Rampage
An Initiative to Enhance Patient ID, Record Matching
An Initiative to Enhance Patient ID, Record Matching
Ransomware Ecosystem: Big Changes Since Colonial Pipeline
Ransomware Ecosystem: Big Changes Since Colonial Pipeline

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.