How Threat Actors Target Specific Industries with Ransomware Attacks

Share post:

Security provider Barracuda analyzed BlackMatter, Karakurt and LockBit to illustrate how threat actors carry out ransomware attacks.

BlackMatter uses phishing emails to compromise employee accounts and gain network access. Once they have gained access, they scan and move laterally within the network while they install hacking tools and steal sensitive data.

Karakurt Data Extortion Group carries out a brutal attack on the VPN login page of an organization after which they compromise several domain controllers and use RDP to access the compromised systems.

LockBit uses stolen login credentials to log in to a company’s VPN login page without MFA. Attackers use malicious PowerShell scripts and install system-level DLLs (dynamic link libraries) to steal additional login credentials and passwords.

According to Barracuda, between January and June 2022, more than 1.2 million ransomware attempts were discovered per month. Ransomware attacks undoubtedly remain a top security problem on a broad front. A careful analysis of ransomware attacks shows, however, that attackers are selective when it comes to industries they target.

According to Barracuda, attacks on municipalities have increased slightly in the last 12 months, while attacks on educational institutions have more than doubled and attacks on health and financial companies have tripled. Also, attacks against critical infrastructure quadrupled over the same time.

Service providers accounted for 14% of the attacks analyzed by Barracuda. Automotive, hospitality, media, retail, software and technology companies have also been targeted in the last 12 months.

The sources for this piece include an article in TechRepublic.


Related articles

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Security bug may allow anyone to spoof Microsoft employee emails

A security researcher claims to have discovered a bug that enables anyone to impersonate Microsoft corporate email accounts,...

Cyber Security Today, June 19, 2024 – How an attacker hid on an IT network for three years

How an attacker hid on an IT network for three years Welcome to Cyber Security Today. It's Wednesday June...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways