Skip to main content

Hackers adopting more advanced ransomware tactics

(Image credit: Image Credit: WK1003Mike / Shutterstock )

Motivated by profit, hackers are changing the way they target companies with ransomware (opens in new tab), suggests a recent report from FireEye. While earlier methods were defined by the scattergun methodology, newer tactics are far more shrewd.

The scattergun approach is quite simple. Hackers cast a wide net, hoping to infect as many individual machines as possible, and then extort the victims for an average of $500-$1,000.

However, recent campaigns targeting entire industrial and critical infrastructure organisations have shifted to a more "operationally complex post-compromise approach".

Once a machine is infected, hackers now perform internal reconnaissance, moving laterally across the target network before actually deploying ransomware (opens in new tab). By first scouting out the landscape, they’re able to better identify key data and devices, block most critical assets and then negotiate from a privileged position.

Financial hackers were also said to be capable of “pivoting to and deploying ransomware in OT intermediary systems to further disrupt operations”.

FireEye believes mature hackers will “gradually broaden” their selection from only IT and business processes into OT asset monitoring and controlling physical processes. 

The company says the move is “apparent” in ransomware families like SNAKEHOSE, which is designed to execute its payload only after stopping a series of processes that include industrial software.

Further investigation revealed SNAKEHOSE is capable of killing more than 1,000 processes.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.