Why Ransomware Gangs Opt for Encryption-Less Attacks
Zscaler Global CISO Deepen Desai on Shifting Attacker Tactics
In encryption-less attacks, ransomware gangs steal large volumes of sensitive data, including terabytes of information, without locking up systems. Attackers use the value of the stolen data to coerce organizations into paying ransoms to avert its release.
Attackers have shifted their strategies in response to increased law enforcement attention and out of a desire to encourage ransom payments. By minimizing business disruption, this approach keeps the victim's business functional while pressuring the victim to pay the ransom discreetly, said Deepen Desai, global CISO and head of security research at Zscaler.
"There is increased government, law enforcement and regional crackdown happening against these ransomware operators," Desai said. "They also want to increase the chance of a victim paying ransom because in many of the cases - and this is not in large numbers - the victim will not even report it. They will pay it off and keep it under the wrap. It's a win-win situation if you think about it from their perspective."
In this video interview with Information Security Media Group at Black Hat USA 2023, Desai also discussed:
- The evolution of attacker behavior and programming languages;
- The growing trend of double-extortion attacks;
- The importance of comprehensive defense strategies - such as inline sandboxing, TLS inspection and zero trust architecture - to counter evolving attack types.
Desai is responsible for running global security research operations as well as working with the product group to secure the Zscaler platform and service. He has been actively involved in the field of cybersecurity for the past 19 years. Prior to joining Zscaler, he held security leadership roles at Dell SonicWALL.