
In recent years, ransomware attacks have been known primarily for data exfiltration and encryption, which disrupt operations and let criminals extort companies for financial gain. However, a disturbing new trend has emerged. Criminals are evolving their tactics, not only demanding ransoms but also creating more insidious methods of exploitation, with the intention of making victims “learn a lesson” while also finding new ways to profit from their attacks.
This evolution in cybercrime was revealed in a recent study by Barracuda Networks, which analyzed data collected over the past 12 months from more than 2,000 respondents at large organizations worldwide. The results paint a grim picture of how ransomware attacks are growing more sophisticated and diversified in their methods.
Top among the emerging threats, according to the research, is the wiping of data from backups and the deletion of shadow copies—an increasingly common tactic designed to prevent victims from recovering data easily. Once the attackers have encrypted files, they take things a step further by removing any backup copies, leaving companies with no choice but to pay the ransom if they hope to restore operations. This marks a disturbing shift from traditional file encryption attacks, which were more narrowly focused on locking files and demanding a ransom for decryption.
Second on the list of new tactics is the installation of additional malicious payloads, such as crypto-mining apps. By embedding these programs during the attack, cybercriminals can continue to profit long after the initial ransom has been paid, further increasing the cost of a breach for the victim.
Perhaps most concerning of all is the trend of cybercriminals targeting employees directly. In a shocking new development, attackers are threatening employees with severe consequences unless they force company leadership to pay the ransom. This tactic is intended to create internal pressure on management, pushing them to meet the criminals’ demands out of fear for their workforce’s safety or well-being.
The Barracuda Networks report coincides with the release of another report, by Semperis, that highlights similar trends. Semperis added a particularly worrying point: beyond threatening employees, some cybercriminals are now targeting company executives directly. They are threatening to file regulatory complaints against these organizations for failing to disclose cyber incidents or report them within the required timeframes, creating an additional layer of pressure on businesses that are already reeling from an attack.
With the rapid advancement of Generative AI technologies, the sophistication of these attacks has grown significantly. Attackers now have access to more powerful tools for crafting and executing their malware campaigns. The impact of these attacks has become more severe, as many traditional decryption tools have become ineffective or useless. Furthermore, the process of encryption and decryption itself often causes irreparable damage to the affected files, rendering any recovery attempt futile.
Another challenge for organizations is the increasing number of cybercriminals who, lacking the expertise to properly execute a recovery process, lock down entire databases or critical infrastructure with no feasible way to restore the data. This “half-baked” approach forces businesses into a corner, with no reliable recovery option except to meet the demands of the attacker.
The growing sophistication of these ransomware attacks, combined with their expanding scope, underscores the need for businesses to reevaluate their cybersecurity strategies. It’s no longer enough to simply protect against encryption; organizations must prepare for a broader range of threats that could jeopardize both their data and their reputation.














