August 25, 2022

Security provider Barracuda analyzed BlackMatter, Karakurt and LockBit to illustrate how threat actors carry out ransomware attacks.

BlackMatter uses phishing emails to compromise employee accounts and gain network access. Once they have gained access, they scan and move laterally within the network while they install hacking tools and steal sensitive data.

Karakurt Data Extortion Group carries out a brutal attack on the VPN login page of an organization after which they compromise several domain controllers and use RDP to access the compromised systems.

LockBit uses stolen login credentials to log in to a company’s VPN login page without MFA. Attackers use malicious PowerShell scripts and install system-level DLLs (dynamic link libraries) to steal additional login credentials and passwords.

According to Barracuda, between January and June 2022, more than 1.2 million ransomware attempts were discovered per month. Ransomware attacks undoubtedly remain a top security problem on a broad front. A careful analysis of ransomware attacks shows, however, that attackers are selective when it comes to industries they target.

According to Barracuda, attacks on municipalities have increased slightly in the last 12 months, while attacks on educational institutions have more than doubled and attacks on health and financial companies have tripled. Also, attacks against critical infrastructure quadrupled over the same time.

Service providers accounted for 14% of the attacks analyzed by Barracuda. Automotive, hospitality, media, retail, software and technology companies have also been targeted in the last 12 months.

The sources for this piece include an article in TechRepublic.