The Gately Report: Zscaler Tracks New, Increasingly Dangerous Ransomware Group, Most Targeted Types of PeopleThe Gately Report: Zscaler Tracks New, Increasingly Dangerous Ransomware Group, Most Targeted Types of People
Universities are leaving students vulnerable to email-based attacks.
August 5, 2022
The Zscaler ThreatLabz team is monitoring Industrial Spy, a relatively new ransomware group that emerged in April and has since racked up at least 37 victims.
Zscaler disclosed its findings on Industrial Spy ransomware in a blog. Key points about Industrial Spy include:
The threat group exfiltrates and sells data on their dark web marketplace, but does not always encrypt a victim’s files.
The ransomware utilizes a combination of RSA and 3DES to encrypt files.
Industrial Spy lacks many common features present in modern ransomware families like anti-analysis and obfuscation.
The threat group is consistently adding roughly two to three victims per month on their data leak portal.
Todd Meister is Zscaler’s senior vice president of global partners and alliances.
Zscaler’s Todd Meister
“This group started out as a data extortion marketplace, where criminals bought and sold stolen internal data from large companies,” he said. “However, they now decided to start creating their own tools and tactics. So far, it appears that Industrial Spy are still establishing themselves, switching between traditional ransomware, when it only steals and ransoms data, and double-extortion ransomware, defined by the encryption, exfiltration and ransom.”
Industrial Spy Gets Results
What makes Industrial Spy so dangerous is that while the group lacks many common features present in modern ransomware, it’s already proven that it can achieve results, Meister said.
The group sells stolen data from two to three new companies every month on their data leak portal.
“This means that Industrial Spy can continue updating its ransomware with new features and threaten more organizations for a longer period of time,” Meister said.
Industrial Spy may continue to present a threat as long as it can continue breaching new organizations, he said.
Zscaler said many players come and go in the ransomware market and it’s difficult to determine the groups that will stay for the long term. However, this threat group is likely to stay at least in the near future. And more ransomware updates and features are likely to follow.
Scroll through our slideshow above for more from Zscaler and more cybersecurity news.
About the Author(s)
You May Also Like