New Ransomware Methods You Need to Prepare For


Even as Microsoft adds defensive tools targeting ransomware, attackers continue evolving new ransomware methods to effectively attack systems and compel payment.

To avoid joining the list of ransomware victims, you need to maintain awareness to implement effective cybersecurity defenses, alerts, and controls.

This week, we explore the evolution of ransomware in use, how gangs apply extra pressure, and how they affect the way you do business.

The Ransomware Attack Spectrum

Thankfully, the number of companies willing to pay ransoms is on the decline.

Yet simultaneously, the number of Ransomware-as-a-Service (RaaS) operations continues to grow, making it easier than ever to attack. Researchers also note that 86% of ransomware attacks now involve a double-extortion method. This particularly devastating attack involves both encrypting your local files and threatening to release stolen information.

Some executives continue hoping their organization might be too small to be targeted. As it turns out, however, criminals are more than happy to attack victims of all sizes.

Ransomware gangs target organizations of all sizes world-wide. For example, hackers recently targeted several non-profits and smaller government agencies across the USA and Germany.

Here’s just a sampling:

School systems, non-profits, and businesses alike are all at risk of attack.


Attacks on Large Companies

Larger companies deploying more security resources aren’t immune either. Both within the US and internationally, such victims abound.

Take, for instance, the following.

 

  • US victims:
    • Walmart denies an attack by the Yanluowang ransomware gang. However, the gang claims to have encrypted between 40k and 50k devices and has published data to its extortion site. The published information shows indications that the data came from inside Walmart.
    • A ransomware attack forces a network shutdown for publishing giant Macmillan.
    • Attackers tricked a single employee at the BWI Airport Marriott, allowing them to steal 20 GB of guest PII and credit card information.
    • A cybersecurity company providing services to the US government, Entrust, suffered a data breach after hackers breached its internal networks.

It’s important to note that ransom amounts were not released for any of these events. Even so, it’s easy to see the business disruptions and public embarrassment these attacks cause.


New Ransomware Methods

Ransomware models progress just like any other business.

Some competitors expand their market with new messaging, others develop new business models, and others invest in R&D.

For ransomware groups, new phishing messages perform the same role as new marketing messages: enticing new users to click.

For example, the Luna Moth ransom group found success using fake subscription renewals and invoices to deliver a remote access trojan (RAT). Meanwhile, the established LockBit ransomware group found success through emails warning of copyright violations.

Again, just like your own business, new ransomware methods never stop evolving.

Let’s take a look at some of the more notable examples.

New Ransomware Methods

When ransomware groups first began publishing company data to the public, the tactic evolved the business model for ransomware gangs. Many victims felt compelled to pay up, in order to avoid public embarrassment.

But then, the ALPHV/BlackCat ransomware group decided to improve upon that model and add a search engine feature to their attacks.

So, why go through all that trouble?

Because employees and consumers could then check if their personal information might be in an exposed data set. As more people found out their data was exposed, the pressure on the company to resolve the issue rose. The more pressure, the greater the likelihood of a payout.

And thus, new ransomware methods evolved once again.

LockBit soon added a similar feature to their data exfiltration site, hoping that individuals whose data was exposed will pressure the victim organization to pay the ransom.

As of late, LockBit remains one of the most aggressive groups to pursue R&D, developing new features in their ransomware.

Just consider the following new ransomware methods, and you’ll see how they push the boundaries of attack.

LockBit’s recently released version 3.0 can now:

  • Use a key to obfuscate its main routines and prevent reverse engineering
  • Enumerate available application programming interfaces (APIs)
  • Abuse the Windows Defender command line tool to side-load malware onto compromised systems with malicious DLL files
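For defenders, the side-loading behavior in the last item can be hunted for in endpoint telemetry. The sketch below is an added example, not code from the original article: it flags the Defender command-line tool (`MpCmdRun.exe`) when it runs from, or loads `mpclient.dll` from, a directory outside the default Defender install locations. The event field names, the trusted directory list, and the sample records are assumptions constructed for illustration.

```python
import ntpath

# Assumption: default Defender install locations; adjust for your environment.
# Field names ("type", "image", "loaded", "host") are hypothetical.
TRUSTED_DIRS = (
    r"c:\program files\windows defender",
    r"c:\programdata\microsoft\windows defender\platform",
)
TOOL = "mpcmdrun.exe"          # Windows Defender command-line tool
SIDELOAD_DLL = "mpclient.dll"  # library the tool loads at start-up

def in_trusted_dir(path):
    """True if path sits inside a trusted Defender directory ('..' resolved)."""
    folder = ntpath.dirname(ntpath.normpath(path)).lower()
    return any(folder == d or folder.startswith(d + "\\") for d in TRUSTED_DIRS)

def find_sideload_candidates(events):
    """Return (host, reason, path) for events matching the side-load pattern."""
    hits = []
    for ev in events:
        image = ev["image"]
        name = ntpath.basename(image).lower()
        if ev["type"] == "process_create" and name == TOOL and not in_trusted_dir(image):
            hits.append((ev["host"], "Defender tool run from unexpected path", image))
        elif ev["type"] == "image_load":
            dll = ev["loaded"]
            if (name == TOOL and ntpath.basename(dll).lower() == SIDELOAD_DLL
                    and not in_trusted_dir(dll)):
                hits.append((ev["host"], "Defender tool loaded DLL from unexpected path", dll))
    return hits

# Constructed sample telemetry (not real logs), shaped like process-creation
# and image-load records from an EDR or Sysmon-style source.
SAMPLE_EVENTS = [
    {"host": "ws01", "type": "process_create",
     "image": r"C:\Program Files\Windows Defender\MpCmdRun.exe"},
    {"host": "ws02", "type": "process_create",
     "image": r"C:\Users\Public\MpCmdRun.exe"},
    {"host": "ws02", "type": "image_load",
     "image": r"C:\Users\Public\MpCmdRun.exe",
     "loaded": r"C:\Users\Public\mpclient.dll"},
    {"host": "ws03", "type": "image_load",
     "image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.0.0-0\MpCmdRun.exe",
     "loaded": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.0.0-0\MpClient.dll"},
]

if __name__ == "__main__":
    for host, reason, path in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"{host}: {reason}: {path}")
```

On the constructed sample, only the two `ws02` records are flagged; the copies under the default Defender directories pass.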

Yet, that’s only one version of a single gang’s new ransomware methods.

Other notable ransomware innovations include:

Preparing In Advance

Every user and every data location needs layers of defense – even cloud resources.

Researchers even find that the versioning features for cloud-hosted OneDrive and SharePoint services can be abused to eliminate possible file recovery!

Ransomware continues to be big business. As such, you should prepare in advance for possible attacks.

The good news is, you never need to go it alone. Blue Bastion Cyber Security, along with our networking division Ideal Integrations, remains ready to help at a moment’s notice.

Simply contact us at 412-349-6680, or fill out the form below. With your guidance, our experts will outline various security tools, techniques, and services perfectly suited for your organization.
