Cisco Talos, Cisco's threat-intelligence group, has described three techniques for tracing ransomware operations back from their Tor hidden services to infrastructure on the public internet. Using them, the team traced the activity of four ransomware groups and passed what it learned to law enforcement.
Identifying who runs a dark-web site is hard by design: Tor hides the server's real network location, so even pinning down the hosting infrastructure usually takes considerable effort.
Talos researchers nevertheless gained new insight into the groups Nokoyawa, Quantum, Snatch, and DarkAngels.
The first method matches TLS certificates. A certificate presented by a Tor hidden service carries a serial number; if a certificate with the same serial number is observed on the public internet, it is the same certificate, and the host serving it is very likely the same server (or one administered by the same operator). The second method is similar but uses browser favicons, the small icons shown next to a site's address in the browser tab. Comparing the favicon served over Tor with favicons collected from the open internet links a hidden service to the clearnet hosts that serve the identical file.
The third is different in kind: it relies on the operators' own mistakes, serious security errors and misconfigurations that undermine the anonymity Tor is supposed to provide.
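One way to operationalise the first two techniques, as an added example that is not Talos code (the page does not describe the tooling Talos used): take the certificate and favicon observed on a hidden service, compute the same match keys an internet-wide scan dataset would record for each clearnet host, and look for overlaps. The serial number is read directly out of the DER certificate, and the favicon is hashed with MurmurHash3 over its base64 text, the convention Shodan's favicon hash uses, so the value can be searched in such datasets. Every certificate, icon and address below is constructed; the addresses come from the TEST-NET-3 documentation range.

```python
"""Pivot from artifacts observed on a Tor-hosted site to clearnet hosts that serve the
same TLS certificate (matched by serial number) or the same favicon (matched by hash).
Added illustration, not Cisco Talos code; every certificate, icon and address below
is constructed (addresses are from the TEST-NET-3 documentation range)."""
import base64


# --- MurmurHash3 x86_32, the hash behind Shodan's http.favicon.hash ---------------
def murmur3_32(data: bytes, seed: int = 0) -> int:
    c1, c2, mask = 0xCC9E2D51, 0x1B873593, 0xFFFFFFFF
    h = seed
    body = len(data) & ~3                      # length rounded down to whole 4-byte blocks
    for i in range(0, body, 4):
        k = int.from_bytes(data[i:i + 4], "little")
        k = (k * c1) & mask
        k = ((k << 15) | (k >> 17)) & mask
        k = (k * c2) & mask
        h ^= k
        h = ((h << 13) | (h >> 19)) & mask
        h = (h * 5 + 0xE6546B64) & mask
    tail = data[body:]                         # 0-3 trailing bytes, zero-padded by from_bytes
    if tail:
        k = int.from_bytes(tail, "little")
        k = (k * c1) & mask
        k = ((k << 15) | (k >> 17)) & mask
        k = (k * c2) & mask
        h ^= k
    h ^= len(data)
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & mask
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & mask
    h ^= h >> 16
    return h - 0x100000000 if h & 0x80000000 else h   # signed 32-bit, as mmh3.hash() returns


def favicon_hash(icon: bytes) -> int:
    """Shodan-style favicon hash: MurmurHash3 of the base64 text with a newline every 76 chars."""
    return murmur3_32(base64.encodebytes(icon))


# --- X.509 serial number straight out of DER (no third-party ASN.1 library needed) ---
def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, value_end) for the DER element at pos; handles long lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low 7 bits give the length's byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def cert_serial(cert_der: bytes) -> int:
    """Certificate ::= SEQUENCE { tbsCertificate SEQUENCE { [0] version OPTIONAL, serialNumber INTEGER, ... } }"""
    tag, tbs_start, _ = _read_tlv(cert_der, 0)
    assert tag == 0x30, "not a DER SEQUENCE"
    tag, pos, _ = _read_tlv(cert_der, tbs_start)
    assert tag == 0x30, "tbsCertificate is not a SEQUENCE"
    tag, start, end = _read_tlv(cert_der, pos)
    if tag == 0xA0:                            # skip the optional EXPLICIT [0] version
        tag, start, end = _read_tlv(cert_der, end)
    assert tag == 0x02, "serialNumber is not an INTEGER"
    return int.from_bytes(cert_der[start:end], "big", signed=True)   # compare as an integer, not as padded hex


def _tlv(tag: int, content: bytes) -> bytes:
    """Tiny DER encoder used only to build the constructed sample certificate."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def sample_cert(serial: int) -> bytes:
    """Constructed certificate skeleton: version, serial, sigAlg OID, then filler standing in
    for issuer/validity/subject so the outer lengths use the long form (> 127 bytes)."""
    version = _tlv(0xA0, _tlv(0x02, b"\x02"))
    ser = _tlv(0x02, serial.to_bytes((serial.bit_length() + 8) // 8, "big", signed=True))
    sig_alg = _tlv(0x30, bytes.fromhex("06092a864886f70d01010b") + b"\x05\x00")   # sha256WithRSAEncryption
    filler = _tlv(0x30, b"\x00" * 160)
    return _tlv(0x30, _tlv(0x30, version + ser + sig_alg + filler))


# --- The pivot: constructed observations, not real infrastructure ---------------------
ONION_ICON = b"\x00\x00\x01\x00\x01\x00\x10\x10" + bytes(range(64))        # made-up favicon bytes
OTHER_ICON = b"\x00\x00\x01\x00\x01\x00\x20\x20" + bytes(range(64, 128))
ONION_SITE = {"serial": cert_serial(sample_cert(0x7A1B3C4D5E6F)), "favicon": favicon_hash(ONION_ICON)}
CLEARNET_INDEX = [   # what an internet-wide scan dataset would record per host (constructed)
    {"host": "203.0.113.10", "serial": cert_serial(sample_cert(0x7A1B3C4D5E6F)), "favicon": favicon_hash(OTHER_ICON)},
    {"host": "203.0.113.22", "serial": cert_serial(sample_cert(0x1111)), "favicon": favicon_hash(ONION_ICON)},
    {"host": "203.0.113.37", "serial": cert_serial(sample_cert(0x2222)), "favicon": favicon_hash(OTHER_ICON)},
]


def find_pivots(onion: dict, index: list) -> list:
    """Hosts whose certificate serial or favicon hash equals the onion site's; each hit names the artifact."""
    hits = []
    for rec in index:
        reasons = [k for k in ("serial", "favicon") if rec[k] == onion[k]]
        if reasons:
            hits.append((rec["host"], reasons))
    return hits


if __name__ == "__main__":
    for host, reasons in find_pivots(ONION_SITE, CLEARNET_INDEX):
        print(f"{host}: matched on {', '.join(reasons)}")
```

A serial-number hit is the stronger signal, because it identifies one specific certificate; a favicon hit only shows that two hosts serve the same icon, which a shared template or a copied site can also produce, so it is a lead to confirm rather than an attribution on its own.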
The Talos team urges organisations to stay vigilant against ransomware: keep systems current with the latest patches, retire obsolete systems, and have a dedicated team that tracks and acts on security alerts.
It also advises victims not to pay the ransom, since paying both funds further crime and gives no guarantee that a working decryption key will be delivered.
Payment does not buy safety either: according to the figures cited, 60% of companies were hit again by the same ransomware group, some two or three times in a year, so there is no assurance that the attackers will keep their word and not strike again.