Latest Developments in Ransomware Attacks
The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), after conducting a comprehensive analysis and recent research on ransomware incidents, has identified significant evolution in ransomware attacks. Cybercriminals are not only adopting emerging attack techniques but also gaining new insights into deployment methods.
An advanced ransomware strategy where attackers employ three methods of coercion.
Increasingly common use of RaaS platforms, enabling less sophisticated attackers to deploy ransomware (e.g., REvil, DarkSide, LockBit).
Stealing data and threatening to release it if ransom is not paid.
Launching distributed denial-of-service (DDoS) attacks on victims' infrastructure to further pressure them into paying the ransom.
Lock files and demand payment for a decryption key
Increasingly exploiting vulnerabilities to bypass traditional security measures (e.g., CVE-2020-0796, CVE-2021-34527, EternalBlue), (HKCERT, 2024).
Leveraging AI to automate and enhance attack strategies, improving efficiency.
Attackers using advanced encryption techniques to increase decryption difficulty without payment.
參考文獻(Reference List)
鍾麗玲 (2024)。《資料外洩事故趨勢及分享》。香港:香港華人會計師公會
香港網絡安全事故協調中心 (2024)。《香港保安觀察報告 2024 第三季度》。香港網絡安全事故協調中心 Hong Kong Emergency Response Team Coordination Centre