How Recent Ransomware Attacks Show a Change in Tactics

Recent ransomware attacks show a change in tactics - businesswoman's files encrypted by security breach

Security news websites cover ransomware developments almost daily. However, with so many new issues cropping up, the constant warnings can easily become background noise for busy security teams.

Unfortunately, this overwhelming amount of information too often leads to complacency – which leads to breaches.

But, like it or not, this form of cyberattack remains the most disruptive and expensive of all.

Though it isn’t always easy, your security team needs to fight off complacency to maintain basic security, defend against zero-day vulnerabilities, and to maintain awareness of the latest tactics.

These recent ransomware attacks prove that if you’re not keeping up with the times, you’ll be caught in the worst of positions.

Shifting Ransomware Tactics

Recently, Verizon discovered that 25% of all 2021 breaches contained a ransomware component. Further, a full 80% of the attacks were carried out by organized cybercriminal gangs or known threat groups.

Unfortunately, law enforcement struggles to prosecute and strike back against these attackers because few companies report them to the federal government.

So, why don’t businesses contact the authorities?

Well, most organizations try to preserve their reputations and limit legal liability by hiding such attacks. Threat actors know this, and use it to their advantage whenever possible.

In the past, attackers usually announced data exfiltration immediately, to put pressure on payments.

But, with changing times comes shifting ransomware tactics.

More recently, attackers have started delaying public announcements, motivating companies to pay up to avoid public embarrassment.

However, avoiding public embarrassment and paying the ransom may lead to future pain.


The reality is that 80% of victims who pay will be hit a second time.

It’s truly a no-win situation.

If you pay, you’ll probably be hit again, and there’s a good chance the public will find out anyway.

Refuse to pay, and the public definitely is alerted, along with potentially losing your data (unless you have the right backups in place, of course).

Follina Zero Day Bug
Recent: What the Follina Vulnerability Means to Your Business - click image to learn more

Recent Ransomware Attacks on the Public

Although ransomware victims might want to avoid public attention, often the consequences are too obvious to hide.

For example, a recent ransomware attack on India’s second-largest airline, SpiceJet, led to flight delays, crashed their booking systems, and disabled their phone-based customer service.

Attacks on governments can lead to even more significant disruptions.

An attack on the Austrian federal state of Carinthia:

  • Took down the state’s website
  • Disabled email service
  • Affected 3,000 systems
  • Prevented issuing new passports
  • Disabled traffic fine systems
  • Disrupted Covid-19 contact tracing and test processing

The Italian city of Palermo suffered similar widespread disruption from recent ransomware attacks by Vice Society, a gang known to exploit unpatched vulnerabilities. This attack prevented access to the historic city center, and also greatly disrupted all of the businesses dependent upon tourists.

While smaller municipalities and states often have very limited IT and security resources, recent ransomware attacks prove even federal governments aren’t immune.

The government of Costa Rica recently suffered a series of Conti and Hive ransomware attacks that forced the government to declare a state of emergency. The Conti gang, with ties to the Russian government, even stated their goal was to overthrow the Costa Rican government.

The number of resources available doesn’t determine the success of a ransomware attack. And if struck, you’ll never be able to control if the attack will be publicly known.

Preparation, awareness, and detection remain the key elements for ransomware prevention –  techniques available to even the smallest company.

Recent Ransomware Adaptations

Though attackers once focused on Windows systems, Linux system attacks increased 400% between Q1 and Q4 of 2021.

While not all attacks involved ransomware, some gangs specialize in Linux ransomware attacks, while others adapted existing ransomware to attack Linux servers.

Data exfiltration and extortion remains a key motivation for attackers. Recently discovered ransomware gangs include corporate spies seeking additional ransomware revenue, and new extortion websites that skip the data encryption component.

The DeadBolt ransomware gang even attempts double-extortion in their attacks on internet facing Network-Attached-Storage (NAS). In addition to trying to force their direct victims to pay a ransom, they also try to make the NAS vendor pay.

Some gangs now even cooperate with each other. For instance, the Black Basta gang teamed up with the Qbot malware to expand their mutual reach.

The Conti gang that attacked Costa Rica (above) has also teamed up with Hive, Diavol, and Karakurt in apparent efforts to escape US sanctions against them.

That means companies caught up in recent ransom attacks need to be even more cautious about triggering US Treasury repercussions.

There is even a strange ransomware that demands public acts of kindness to unlock files.

Whether this is a genuine strategy or simply a way to cover up other types of attacks cannot yet be determined, but it shines a light on ransomware ecosystem diversity.

Final Thoughts on Preparation, Awareness, and Detection

The world of cybersecurity is an ever-changing landscape, with new threats constantly emerging.

And, with rules and regulations continuing to evolve regarding ransomware payments, it can feel like an overwhelming challenge at times.

Tomorrow’s ransomware victims will be those that fail to prepare for attacks, maintain awareness of trends, or detect malicious activity.

Fortunately, even for overwhelmed IT teams, these goals can be placed within reach through outsourcing.

Blue Bastion, along with the added support of Ideal Integrations, can help with both short-term planning and long-term monitoring.

Simply contact us at 412-349-6680, or fill out the form below and receive a no-obligation, simple-to-understand overview of options that fit your needs.

Stay vigilant, friends!

Secure Your Business With Blue Bastion - Contact Us Today!