Cybersecurity experts have suggested that a very small number of “elite” hackers – about 100 people – are behind almost all extortions on the Internet.
The conclusion is based on a study conducted by Barracuda Networks together with specialists from Columbia University. The researchers studied more than 300,000 extortion emails, as well as the addresses of the cryptocurrency wallets to which the attackers received the ransom.
It turned out that 80% of all the emails are associated with the same hundred mailing addresses.
This means that there is a small group of hackers behind them, who are possibly related. Most often they demand small amounts of less than 2 thousand dollars, probably with the expectation that the victims will not contact the police and will not attract the attention of banks and tax authorities. Only bitcoin is used to receive the ransom.
Cryptocurrency provides fraudsters with a high level of anonymity.
Let me remind you that we also wrote that the Wagner malware instance analyzed by experts appears to be a variant of the Chaos ransomware, which also evolved from another infamous ransomware called Ryuk.
The researchers also analyzed the “sender” field in each email, which let them calculate how many messages were sent from one address. This information was then correlated with the number of unique bitcoin addresses used by certain hackers. For clarity of analysis, Barracuda experts built graphs, breaking them down by the number of emails from one sender.
It was found that the same sender can use different crypto wallet addresses in their emails. This is probably a way to make the money flows harder to trace.
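The sender-to-wallet correlation described above can be sketched as follows. This is an added example, not code from Barracuda or the study; the function names, the sample senders and the sample wallets are constructed for illustration, the sender field is assumed to hold a bare address, and only legacy Base58Check bitcoin addresses are handled.

```python
import hashlib
import re
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy (1... / 3...) address candidates; bech32 (bc1...) is out of scope here.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):  # only used to build the constructed samples below
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_valid_address(addr):
    """Base58Check validation, so random Base58-looking strings are not counted."""
    try:
        n = sum(B58.index(c) * 58 ** i for i, c in enumerate(reversed(addr)))
    except ValueError:
        return False
    raw = b"\0" * (len(addr) - len(addr.lstrip("1"))) + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]

def analyse(emails, top_n):
    """emails: (sender, body) pairs -> ([(sender, emails, unique wallets)], top_n share)."""
    count, wallets = defaultdict(int), defaultdict(set)
    for sender, body in emails:
        sender = sender.strip().lower()          # treat case variants as one sender
        count[sender] += 1
        wallets[sender].update(a for a in CANDIDATE.findall(body) if is_valid_address(a))
    ranked = sorted(count, key=lambda s: (-count[s], s))
    stats = [(s, count[s], len(wallets[s])) for s in ranked]
    return stats, sum(count[s] for s in ranked[:top_n]) / sum(count.values())

# Constructed sample: wallets derived from made-up hashes, senders on example domains.
W = [b58check_encode(b"\0" + hashlib.sha256(t).digest()[:20]) for t in (b"a", b"b", b"c")]
TYPO = W[0][:-1] + ("2" if W[0][-1] != "2" else "3")  # last char altered: checksum fails
SAMPLE = [
    ("boss@example.com", f"Pay $900 to {W[0]} within 48h"),
    ("boss@example.com", f"Pay $1500 to {W[1]} or else"),
    ("Boss@Example.com", f"Last warning, send to {W[0]}"),
    ("boss@example.com", f"Send to {TYPO} today"),
    ("other@example.net", f"Transfer $500 to {W[2]}"),
]
```

Calling `analyse(SAMPLE, top_n=1)` ranks senders by volume and reports how many distinct valid wallets each one used, along with the share of all emails sent by the top sender.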
Experts believe that countering Internet scammers should now be fairly easy. First, if law enforcement can get on the trail of even a small number of hackers, this will already be great progress. Second, because ransomware hackers copy each other’s actions and follow similar patterns, email security providers will be able to block most of these attacks with simple detectors.
For example, Barracuda Sentinel or Barracuda Forensics and Incident Response can help detect and stop such attacks.
We also recall that permanent protection of your PC will be provided, for example, by GridinSoft Anti-Malware software.