Eyeing Bigger Targets, Ransomware Gangs Recruit SpecialistsHacking, Encryption and Negotiation Skills in Demand, Says Coveware's Bill Siegel
When startups grow bigger, they inevitably hire more employees to handle increasingly specialized tasks. The same goes with nascent, illegitimate enterprises, such as ransomware gangs, including Maze and the Sodinokibi - aka REvil - ransomware-as-a-service operation, which have been looking to conduct more sophisticated attacks to help them take down larger targets and demand higher ransoms.
"When they get larger, the one or two people that have a certain specialization can't wear every single hat," says Bill Siegel, CEO of ransomware incident response firm Coveware. "So they bring in people with different specializations: people that specialize in the exfiltration of data, people that specialize in the cloud storage and moving around large volumes of stolen data, people that specialize in the negotiations and people who specialize in encryption and decryption. It turns into a big organization."
In a video interview with Information Security Media Group, Siegel discusses:
- Why and how many ransomware-wielding gangs have adjusted their tactics, including embracing data exfiltration and leaking, to force more victims to pay;
- How less expensive but still effective ransomware-as-a-service variants have lowered cybercrime barriers to entry;
- Remote desktop protocol and other top attack vectors being targeted by gangs.
Siegel is CEO and co-founder of Coveware. Previously, he served as CFO of SecurityScorecard, head of NASDAQ Private Market and CEO of SecondMarket.