Fraud Management & Cybercrime , Fraud Risk Management , Ransomware

Ransomware Attackers Eying 'Pure Data Leakage Model'

Facing Intense Scrutiny, Attackers Retool, Says Cybercrime Researcher Bob McArdle
Bob McArdle, director of cybercrime research, Trend Micro

A funny thing happened on the way to the nonstop ransomware payday for some criminals: They hit the wrong targets.

See Also: Webinar | Everything You Can Do to Fight Social Engineering and Phishing

After ransomware attacks by Russian-language group Conti against Ireland's health service in May, DarkSide against U.S.-based Colonial Pipeline the same month, and REvil against remote management software firm Kaseya in July, the Biden administration has been moving to much more aggressively disrupt the ransomware business model. The White House has also called out the Russian government for not doing more to police criminals acting from within its borders and threatened to disrupt such operations unless Moscow acts.

Feeling the heat, some leading Russian-language cybercrime forums have announced bans or restrictions on ransomware discussions and recruitment, says Bob McArdle, director of cybercrime research at security firm Trend Micro.

In addition, some ransomware groups have been exploring whether they might shift to just stealing data and attempting to extort organizations - as, for example, the Clop group did starting in December 2020, when it stole data from Accellion File Transfer Appliance users and held it for ransom, he says.

"We're seeing some groups discussing about just moving to the pure data leakage model," McArdle says. "Plus, 'We will tell all your customers that we're about to leak your data.' Just those two components. And especially in industries that are tightly regulated, like healthcare or something like that, where if you're breached, that can cost a fortune, then that's a very good target to go after for criminals."

In this video interview with Information Security Media Group, McArdle also discusses:

  • The move to ban or restrict ransomware discussions and recruitment on some leading Russian-language cybercrime forums;
  • How ransomware operations are continuing to refine their business model to target bigger organizations;
  • Why banning payments to ransomware groups would do little more than "revictimize victims."

McArdle is responsible for managing part of Trend Micro's Forward-Looking Threat Research Team, which focuses on cybercrime and criminal underground research, but also researches potential new attack vectors and emerging technologies.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.