The cursed word. Ransomware is the malware in fashion and before which the cybersecurity departments of companies and public organizations tremble. Few know that its creation dates back to 1989, when Joseph Popp, using floppy disks on which there was supposedly information about AIDS, locked users’ computers and asked for a small amount of money in exchange for unlocking it. Since then, different variants have been appearing, but it is after the appearance of Cryptolocker in 2014 and, above all, Wannacry and NotPetya, when ransomware begins to be seen as a real threat. Today, the evolution of this malware is more than worrying. Not only is it no longer necessary to be a programmer, but it is sold as ransomware as a service, in such a way that anyone can introduce malware on almost any computer or that there are already real business emporiums that base their business on the development of new variants ransomware like the well-known Russian group Conti. Ransomware gangs are taking their tactics to a new level and are currently focused on popularizing multi-extortion techniques that allow them, on the one hand, to achieve greater economic benefit and, on the other, to make the threats as immediate as possible. The success and media exposure of several cyberattacks led companies to take action and today, many of them are protected. One of those means is that it does not matter if a computer is blocked: security measures stop the spread to other computers and lost data is recovered because it is also stored elsewhere. So, to save this situation, cybercriminals now act by threatening to publish economic data and, in some cases, have even made threatening phone calls to employees and customers and launch denial of service (DoS) attacks to shut down the company’s website. victim in an effort to speed up the payment of ransoms. These multi-extortion techniques resulted in the names and proofs of compromise of 2,566 companies being published on ransomware leak sites in the past year.
Ransomware gangs are taking their tactics to a new level and are currently focused on popularizing multi-extortion techniques
Techniques for success even value more traditional means, such as bribing employees to leave doors open for them to introduce ransomware. This can be an open door to, for example, access a cloud environment. In this case, it is important to note that it is the responsibility of the organization and not the provider to securely configure, operate, and monitor the workloads that it uploads to the cloud. Ransomware doesn’t work the same anymore. Therefore, it is not enough to have a good protection solution. Employee training is the most important factor in preventing a ransomware attack.