A closer look at the famous ransomware groups
Document Type
Book Chapter
Publication Title
Ransomware Evolution
First Page
18
Last Page
29
Publisher
Taylor & Francis
School
School of Science
RAS ID
77597
Abstract
This study provides a closer look at five prominent ransomware groups: LockBit, CL0P, REvil, No Escape, and Vice Society. These groups operate within a business model known as ransomware as a service (RaaS), wherein the criminal group demands a ransom in return for the stolen data of its victims. This model is structured much like kidnapping someone in order to demand a ransom. This study is significant because it demonstrates how these ransomware gangs carry out their attacks on their victims. It also examines the methods by which each ransomware group expanded its operations and recruited affiliates. The fact that ransomware groups employ identical methods and early actions to obtain access is particularly concerning. Numerous actors employ cyberphishing techniques to gain access to users' workstations, ultimately compromising the entire business. Technical expertise in scripting can be used to render intrusion detection agents, anti-malware, and anti-virus systems inoperable. This demonstrates that regardless of the sophistication of an organization's intrusion detection or vulnerability detection systems, its users will always be the most vulnerable points. Training employees and promoting security awareness among them are always essential.
DOI
10.1201/9781003469506-3
Access Rights
subscription content
Comments
Tan, R., Saputri, U., Xiao, J., Liu, J., & Ekeh, D. (2024). A closer look at the famous ransomware groups. In Ransomware evolution (pp. 18-29). CRC Press. https://doi.org/10.1201/9781003469506-3