Security News > 2024 > July > Ransomware crews investing in custom data stealing malware

As ransomware crews increasingly shift beyond just encrypting victims' files and demanding a payment to unlock them, instead swiping sensitive info straight away, some of the more mature crime organizations are developing custom malware for their data theft.

"Over the past year, we have witnessed major shifts in the ransomware space with the emergence of multiple new ransomware groups, each exhibiting unique goals, operational structures and victimology," the report's authors note.

Plus, as many gangs shift to double-extortion tactics, as we've seen in the recent high-profile attacks against the London hospitals' pathology services provider Synnovis and Christie's auction house, among others, some more established ransomware-as-a-service operations are developing bespoke malware for data exfiltration, according to Talos.

"StealBit was created to maximize the overall efficiency of data exfiltration activities for LockBit affiliates, shortening the timespan of data theft," Nutland said.

Finally, they copy chosen data and then deploy the ransomware encryption code.

"Infostealers are a tool often leveraged by initial access brokers in collecting credentials and personal data of victims, which are then sold as credential dumps on the dark web," Nutland said.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/10/ransomware_data_exfil_malware/