In recent times, we’ve witnessed a significant shift in the tactics employed by ransomware groups. Instead of solely infiltrating corporate networks to pilfer data and subsequently encrypt databases for a ransom, 2023 has seen a distinct evolution in the strategies employed by these criminals. They are now actively enticing employees of companies to willingly share their credentials in exchange for a share in the profits reaped from file-encrypting malware attacks.
In a recent blog post published by the Everest Ransomware Group on the dark web, this illicit organization openly disclosed its offer to distribute 10% of the proceeds obtained through successful attacks to those who aid them in breaching a network. What’s particularly noteworthy is that the Everest Ransomware Group is assuring complete anonymity for the individuals or groups who collaborate with them, and they pledge full transparency in all financial transactions conducted with their victims. This revelation stems from an analysis carried out by Searchlight Cyber, a group of experts specializing in the dark web, based in the UK.
Currently, these criminals are primarily targeting insider threats within companies located in the United States, Europe, and Canada. They are willing to accept remote access to a company’s network through various software options, such as RDP, AnyDesk, and TeamViewer.
Delving deeper into the details, it becomes evident that this group has been active since 2022, but it was only from July of this year that they began to exhibit their newfound ability to entice employees of companies. The degree of success achieved by these criminals in their endeavors remains uncertain, as ongoing financial analyses are still in progress.
In light of these evolving trends in the ransomware landscape, it is imperative that we adopt a proactive approach to bolstering security measures, ensuring the safeguarding of our IT systems against the growing threat of malware attacks.
