Ransomware: These sophisticated attacks are delivering ‘devastating’ payloads, warns Microsoft

silversurfer (thread author)
Microsoft has detailed the tactics and techniques of some of the most costly ransomware in recent years, which aren't automated but rather are manually controlled by human hands at a keyboard.

It warned that some ransomware groups are now using the same skills as nation-state-backed hackers, and show an "extensive knowledge of systems administration and common network security misconfigurations", perform thorough reconnaissance, and then deliver "devastating" ransomware payloads. "Based on our investigations, these campaigns appear unconcerned with stealth and have shown that they could operate unfettered in networks," Microsoft said.

The ransomware variants included in Microsoft's survey are REvil, Samas or SamSam, Doppelpaymer, Bitpaymer, and Ryuk. The average ransom demand for REvil is $260,000, making it a 'big game' ransomware because of the targets selected and amounts demanded. US Fortune 500 engineering and industrial construction company EMCOR Group this week reported Ryuk impacted its Q4 2019 revenues because of the IT downtime it caused.

Microsoft has been monitoring another malware group it calls Parinacota (Microsoft is using volcanoes to name digital crime actors) for 18 months. They've historically hacked machines to install cryptocurrency miners and send spam, but recently started deploying Wadhrama ransomware on corporate networks in "smash and grab" attacks with ransom demands made within an hour of infiltration. If given the opportunity, the group also conducts reconnaissance and moves within the network. [....]
