CUs Allegedly Hit With Ransomware

Source: CUToday.info

Two more credit unions have allegedly been compromised in ransomware attacks, according to respective postings on two criminal organizations’ websites.

As CUToday.info has reported, ransomware attacks have shifted from encrypting an organization’s data and demanding a ransom to unlock it, to stealing the information, posting a sample on their website, and then threatening to make all of the data public if the organization does not pay the ransom. Sometimes the criminals do both—encrypt the data and also hold it for ransom.

Brett Callow, threat analyst with Emsisoft, told CUToday.info that currently there are about 30 active data-stealing ransomware operations.

“But keep in mind that groups retire old brands, launch new ones, teams split and start their own operations,” Callow said. “Also, many groups work on a profit-sharing or an affiliate model basis, with the groups that created the ransomware effectively renting it out and splitting proceeds with the people who use it to carry out their attacks—and the latter can cooperate with multiple groups.”

Callow said, essentially, the ransomware landscape constantly shifts.

“Even when a criminal brand appears to be new, its operators may well be old hands,” he said.