A cybersecurity expert explained why he is convinced that the promises fabricated past ransomware groups amid the pandemic are irrelevant.

Brett Callow — threat annotator at cybersecurity firm Emsisoft — told Cointelegraph that multiple ransomware groups recently made promises to halt their activity confronting medical organizations among the coronavirus pandemic. Notwithstanding, he believes that those promises are irrelevant:

"The claims of a ceasefire made past ransomware groups are irrelevant [and] should be completely overlooked. Would yous go out your front end door unlocked only because the local burglars had pinky-promised not to rob you lot? Probably not. The story of the frog and the scorpion comes to mind."

Empty promises past ransomware groups

In mid-March, cybersecurity news outlet BleepingComputer, reported that it contacted a number of ransomware groups. At that time, some of them promised not to attack health and medical organizations during the ongoing pandemic. This is in line with Unconversant'south comment:

"Claims made past ransomware groups should exist taken with a grain of salt. They've put lives at chance past attacking hospitals in the past, and it would be a mistake to assume that they would hesitate in doing so at present."

It is worth pointing out that — shortly after making the promise — black hat hacker group, Maze, has infected the infrastructure of a business firm researching the coronavirus with ransomware. As Cointelegraph reported yesterday, a recent written report also suggests that — despite the promises — while global ransomware attacks decreased, hospitals are still being attacked. Because of the unreliability of their promises, Callow advises media outlets to avoid covering the ransomware groups' promises:

"Personally, I practice non think the press should repeat claims made by ransomware groups as there is really no point or benefit in doing so. The details that the criminals choose to release will be cherry-picked and only information that they want to be in the public domain - probably considering they believe it will help their crusade in some style.  [...] The press should avoid portraying ransomware groups as existence in any way Robin Hood-like or repeating claims that assistance them."

The cybercriminal groups behind ransomware attacks are highly organized and — co-ordinate to Unconversant — in many ways resemble legitimate companies. He explained:

"Ransomware groups operate like legitimate businesses in a number of ways. They adopt strategies that have been proven to piece of work by other groups. [...] They examination cost sensitivity in lodge to determine the optimal ransom demand. They effort to make it easy as possible for 'customers' to 'purchase' their product, which is why Bitcoin, the well-nigh widely known and stockpiled cryptocurrency, is their currency of choice."

Ransomware is a constantly evolving threat

Ransomware is widely believed to be one of the biggest cybersecurity threats in the world. This kind of malware is speedily evolving in ways that go along to make it fifty-fifty more dangerous. Callow pointed out i such change:

"The biggest changes in the ransomware world have been the transition from encryption-merely attacks to encryption [and] exfiltration attacks and, more recently, the weaponization of exfiltrated information. Ransomware groups no longer simply publish their victims' data; they threaten to sell it to competitors, betrayal 'dingy secrets' and use it to attack companies' customers and business partners."

Recently, the ransomware grouping behind malware Sodinokibi announced its upcoming switch from Bitcoin (BTC) to Monero (XMR) to foreclose tracking past law enforcement. Unconversant pointed out that this may be the start of a new trend amidst ransomware-specialized cybercrime organizations:

"While at that place are some instances of demands being fabricated in alternative currencies, this will exist the first time that a major ransomware group has settled on a currency other than Bitcoin. Like other businesses, criminal enterprises adopt strategies that accept been proven to work and, appropriately, if this switch proves successful for REvil, nosotros'd expect to meet other groups begin to experiment with demands in currencies other than bitcoin."