With Russia’s continuing invasion and aggression in Ukraine dragging on, additional concerns over cyber security and potential attacks from Russian-backed threat actors have arisen and remain high. As Russian malware attacks continue to rise, Cyclonis Limited and its research partners are closely monitoring the developing situation and have compiled effective ways to help you protect yourself from attacks.
US authorities have issued several joint security alerts, coming from the FBI, CISA and NSA, warning of the increased risk of cyberattacks originating from Russian-backed threat actors, including state-sponsored ones. The increasing popularity and accessibility of ransomware toolkits and ransomware-as-a-service, have resulted in an explosion of ransomware attacks.
To learn more about the ongoing cyber attacks against Ukraine, visit https://www.cyclonis.com/cyber-war-ukraine-russia-flares-up-invasion-continues/.
The Russian invasion of Ukraine has led to unexpected shifts across the ransomware landscape. For example, the infamous Conti ransomware gang suffered significant data leaks after declaring their support for the invasion of Ukraine. Around the same time, the criminal outfit operating the Racoon Stealer malware announced a suspension of operation, as one of the hacking gang’s core members died due to the war in Ukraine.
As Concerns About Ukraine Mount, Cybersecurity Experts & Governments Issue Ransomware Alerts
In spite of these shifts, Conti, LockBit 2.0, and other ransomware groups are expected to continue operations. Due to mounting concerns over the Ukrainian situation, cybersecurity experts and governments have issued cybersecurity alerts warning all organizations to be on high alert for potentially crippling cyber attacks. Ransomware, data-wipers, info-stealers, Distributed Denial of Service (DDoS) botnets, and other malware infections described below are expected to surge.
Conti is a Russian-backed ransomware threat actor responsible for multiple attacks on critical infrastructure systems. Conti ransomware has been active since 2020. It uses the AES-256 algorithm to corrupt critical files and demands payment to unlock the victim’s files. At the time of this writing, the ransomware gang has claimed to have compromised more than 50 organizations, including Ireland’s Health Services and Oiltanking Deutschland GmbH, a major German oil storage company.
LockBit 2.0 is a ransomware-as-a-service threat actor known for attacking large corporations such as Accenture and Bridgestone. It targets Windows and Linux servers by exploiting vulnerabilities in VMWare’s ESXi virtual machines. LockBit uses multiple methods to exfiltrate sensitive data and corrupts critical files. LockBit generally leaves instructions on the compromised system detailing how a ransom can be paid to restore the destroyed data. According to researchers at Trend Micro, in the second half of 2021 the United States was the country most affected by LockBit 2.0.
Karakurt is an advanced persistent threat actor focused on data exfiltration and extortion that is closely tied to other dangerous cybercrime outfits. In many cases, Karakurt and Conti ransomware infections have been found to overlap on the same systems. Researchers have also observed cryptocurrency transactions between wallets associated with the two groups. Even if you pay Karakurt’s ransom demands, you may still fall victim to Conti and other affiliated threat actors in the very near future.
How to Protect Yourself Against Ransomware Attacks
The attacks described above are not limited only to companies and government agencies. It is important to remember that many ransomware attacks target individual users and consumers worldwide. Users can follow these guidelines to help to prevent ransomware and malware attacks and help increase online security:
• Protect your computer from potential cyber attacks with a powerful anti-malware program like SpyHunter.
• Backup your data regularly. Consider using a reliable cloud storage backup program like Cyclonis Backup to protect your important files.
• Be careful online. Don’t click suspicious links from unknown and strange domain names. Don’t download attachments or click on links in unsolicited emails. These questionable links may lead to malicious sites or the installation of unwanted software without your knowledge.
• Use complex and unique passwords. To help keep track of all your passwords in one central place, use a reputable password manager like Cyclonis Password Manager.
• Keep your software up-to-date. Experts often recommend turning on automatic software updates where available.