Unscrupulous, organized, networked: ransomware is no longer just a casual pastime for bored hackers, but rather a criminal business with high turnover and stakes.

But in the end, cybercriminals are just people, and they sometimes slip up even in carefully planned ransomware attacks. Sophos names a few glitches to make you smile.

A typical ransomware incident is a sophisticated, human-led attack in which the intruders often remain on the network for days to weeks before launching their extortion. During this time, they move through the network, stealing data, installing new tools, deleting backups, and much more.

The attack could be discovered and blocked at any time, and this puts particular stress on the cybercriminals controlling the attack hands-on from the keyboard. They must change tactics mid-mission, or make a second attempt at a planned malware operation if the first fails. This pressure can lead to errors. At the end of the day, cyber gangsters are also just people.

The Sophos Rapid Response Team has, several times recently, found itself chuckling at botched ransomware attacks during its analyses.

Here are the top 5 ransomware mishaps:

  1. The Avaddon group, whose victim asked it to publish the stolen data, since part of it could not be restored. Not grasping what the victim had in mind, the group made good on its announcement that it would publish the data, and the affected company regained possession of its data.
  2. The Maze attackers, who stole a large amount of data from a company, only to find out that it was unreadable: it had already been encrypted by DoppelPaymer ransomware one week earlier.
  3. The Conti specialists, who encrypted their own newly installed backdoor. They installed AnyDesk on an infected computer to secure remote access and then rolled out ransomware that encrypted everything on the device, AnyDesk included.
  4. The Mount Locker gang, who couldn't understand why a victim refused to pay after they leaked a sample. Why? The published data belonged to a completely different company.
  5. The attackers who left behind the configuration files for the FTP server they used for data exfiltration. This allowed the victim to log in and delete all of the stolen data.

“The adversarial mishaps that caught our eye are evidence of how crowded and commercialized the ransomware landscape has become,” said Peter Mackenzie, manager of the Sophos Rapid Response Team. “As a result of this trend, you can find different attackers targeting the same potential victim. If you add the pressure from security software and incident responders, it is understandable that the attacks become error-prone.”

Source: Sophos
Article image: By Ivan Dudka / Shutterstock.com

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic.
2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication.