The recent spike in ransomware attacks has sparked conversation surrounding cybercriminal gangs’ operations and how, so far, they have been very effective in launching cyberattacks in the US and minting millions of dollars from their victims.
To address the recent spike in ransomware attacks and the growing trend of cybercriminals profiting from them, the Group of Seven (G7) nations announced in their recently concluded Carbis Bay communique that they are willing to work together to tackle ransomware rings around the world. This included demanding that Russia take action on ransomware rings within its borders, a cautionary measure based on recent attacks that are believed to have originated from Russia.
The G7 statement also called for action from other countries to come together and fight the ransomware threat posed by these ransomware rings and disrupt their criminal networks from operating within their borders. However, the looming question that remains in all this discussion about ransomware rings around the world is the actual identity of these cybercriminals. We are going to explore some of the most popular ransomware rings around the world, how they attack and the threat they pose to veterinary practices, businesses, governments and other organizations.
Ransomware rings you should be aware of as a veterinary practice
The recent migration to remote work over the last year has created an environment in which cybercriminals are thriving, resulting in a 150 percent increase in the number of attacks during the same period. Reports also indicate that the amount paid to ransomware rings increased more than 300 percent over the past year, further highlighting the urgency with which these attacks need to be addressed.
Veterinary practices have also fallen victim, both directly and indirectly, to cyberattacks by these ransomware rings. Below are some of the ransomware rings that have been very destructive over the past year.
Maze ransomware group
The Maze ransomware group has grown in publicity in the past few years due to its method of operation, which involves publicly shaming victims into paying the ransom. The group operates ransomware of the same name, Maze, which is believed to be a variant of ChaCha ransomware with some added functionality.
The group started its operations in 2019, when the first Maze ransomware was discovered in May. Since then, the Maze ransomware group has prided itself on having been behind many attacks targeting numerous industries, including veterinary practices and financial institutions.
The group's preferred modes of ransomware distribution are spam emails, often with malicious links or attachments, RDP brute force attacks, and exploit kits.
In 2020, the Maze Ransomware group teamed up with two other ransomware rings, LockBit and RagnarLocker, essentially forming a ransomware cartel that helped the group grow in popularity due to its notoriety and cruelty towards its victims.
The DarkSide ransomware group
The Colonial ransomware attack of 2021 led to a major fuel supply shortage across the US, with the company finally paying a ransom of roughly $5 million to get its data back.
The DarkSide ransomware ring was determined to be behind that ransomware attack. Although US law enforcement was able to recover almost all of the amount paid to these hackers, and the group claimed that it was shutting down, DarkSide still remains an active threat that might target your veterinary practice. The Russia-based group has, in the past, shown its willingness to target small institutions, so small and medium veterinary practices need to revamp their cybersecurity to ensure that they do not fall victim to DarkSide.
REvil ransomware group
This Russia-based ransomware ring is behind most of the high-profile cyberattacks that have been launched in the US over the past year.
These range from targeting former US President Donald Trump's emails and asking for payment not to release their content to hacking pop singers Lady Gaga and Madonna in May 2020. The group was also responsible for hacking and stealing Apple product designs and threatening to release them to the public.
This year, it also targeted JBS Foods, which supplies almost a quarter of all meat products in the US. In this attack, the REvil ransomware group was able to extract more than $11 million from the company, according to reports that showed that the company paid this cybercriminal gang in order to resume its operations as soon as possible.
The REvil group is also not afraid to be labeled as a terrorist organization, brushing off these allegations by claiming they are aware that they are sometimes referred to as such. The group is also active on social media, with its own spokesperson and channels on which it posts details of some of its victims.
What makes REvil dangerous for veterinary practices, including small and medium-sized practices, is the Ransomware as a Service (RaaS) products that it offers to anyone for a fee. The group is willing to give amateur cybercriminals its sophisticated ransomware programs for a monthly fee. These amateurs are willing to target any institution as long as they are making money, and your veterinary practice might just be their next target.
Ryuk criminal group
The Ryuk ransomware ring has experience in targeting veterinary practices, with its largest attack coming in 2019, when it targeted over 400 veterinary practices across the country. This attack targeted National Veterinary Associates (NVA), a California-based company that operates over 700 animal care facilities across the US, and was able to spread to over 400 veterinary practices operated by the company.
However, what makes the Ryuk criminal group dangerous is how effective it has become over the years in extorting money from its victims. In 2020 alone, the group is believed to have earned more than $150 million worth of bitcoin from its ransomware attacks.
The Ryuk ransomware group is also one of the most creative, research-oriented and innovative cybercriminal groups, and it is always looking for new ways to attack. The group is constantly shifting its mode of attack, with its latest innovation involving downloading payloads through PowerShell commands, disabling security tools and stopping data backups during attacks to inflict maximum damage on systems. The shift in tactics is also meant to avoid detection and to allow the ransomware to remain in infected systems longer.
Clop ransomware gang
This notorious cybercriminal gang will contact your veterinary practice's clients once it has infected your system, informing them that their data has been compromised and asking them to call you so that the gang does not release the data.
The gang has also been involved in high-profile cases, with the latest such case coming in December last year, when it compromised over two million credit card records from E-Land. It was also linked to the global Accellion data breaches of 2020 and early 2021 and is believed to have originated from Russia.
Need help protecting your veterinary hospital from cyber criminals?
The best way to know your hospital is protected is to know your weaknesses. Schedule the only veterinary-specific cyber security audit today. We will help you build an incident and disaster recovery plan so that you never have to pay the ransom! Schedule a FREE call today to see how a cyber security audit will help your practice.