
New RA Group ransomware targets manufacturing firms in double-extortion attacks


A new ransomware group named 'RA Group' is targeting pharmaceutical, insurance, wealth management, and manufacturing firms in the United States and South Korea. The new ransomware operation started in April 2023, when the group launched a data leak site on the dark web to publish victims' details and stolen data, engaging in the typical 'double-extortion' tactic used by most ransomware gangs. While the extortion portal was launched on April 22nd, 2023, the first batch of victimized organizations was published on April 27th, including sample files, a description of the type of content that was stolen, and links to stolen data.

In a new report by Cisco Talos, researchers explain that RA Group uses an encryptor based on the leaked source code for the Babuk ransomware, a ransomware operation that shut down in 2021.

More information: https://www.bleepingcomputer.com/news/security/new-ra-group-ransomware-targets-us-orgs-in-double-extortion-attacks/

In response to this, Dr Ryan Heartfield, Chief Technology Officer at Exalens (www.exalens.com), has offered the following comment:

“Ransomware is an enduring threat and as various industries enhance their cyber resilience, ransomware groups continue to seek out vulnerable targets. It's no surprise that sectors like manufacturing and pharmaceuticals, with generally lower cybersecurity maturity across their supply chains and minimal tolerance for downtime, are now in the crosshairs. Cybercriminals, like the RA Group, understand this. They capitalise on the fact that these industries are increasingly integrating and automating their operations, often with inadequate protection. Any disruption or downtime can critically impact supply chains, creating an immense pressure to restore systems promptly, regardless of the cost.

We anticipate an escalation in attacks on industrial organisations throughout this year and the next. So, how should they prepare? The hard truth is that if an attacker is persistent enough, they will find a way in. Therefore, organisations must focus on enhancing their operational resilience against threats like ransomware. This means ensuring they can maintain operations even if they become a target and suffer a breach.”

Erich Kron, security awareness advocate at KnowBe4 (knowbe4.com) adds:

“By reusing code written by others and leaked, these groups are reducing their development time significantly and possibly even incorporating features they would otherwise have been unable to create themselves. In the last few years, especially after Ransomware-as-a-Service (RaaS) offerings became popular, it's become very clear that you do not have to be a technical marvel to play in the cybercrime and extortion game. Simply using other people's code, through a subscription or through leaks such as this, with minor modifications can get just about anyone equipped to carry out attacks. This trend is going to continue to grow as offerings mature and as AI becomes better at assisting where attacker skills may otherwise fall short.

These changes that allow less technical people to carry out attacks are likely to increase the frequency of attempted ransomware attacks; however, it doesn't change the tried-and-true methods of defence. Since most ransomware is spread through email phishing, making sure employees are educated on how to spot and report phishing attacks has never been more critical. Ensuring that there are Data Loss Prevention (DLP) controls in place can help stop the exfiltration of data, which bad actors love to use as leverage. Finally, ensuring that the organisation's backups are strong, tested, and completely isolated from the network continues to be a critical control as it can help organisations restore systems and get back to production quickly. While there is no silver bullet for ransomware yet, a layered defence is still your best bet against these actors.”

Phil Black - PII Editor

I'm the Editor here at Process Industry Informer, where I have worked for the past 17 years. Please feel free to join in with the conversation, or register for our weekly E-newsletter and bi-monthly magazine here: https://www.processindustryinformer.com/magazine-registration. I look forward to hearing from you!