Cybercriminals are using developing nations as test beds for ransomware attacks

midian182

In brief: With ransomware becoming so lucrative and widespread, hackers have started deploying new malware strains in developing and emerging nations as a way of testing them before attacking businesses in richer countries. Organizations in Africa, Latin America, and Asia are hit first as they tend to have weaker security and draw less attention. The hackers then attack high-profile targets in North America and Europe.

Attacks have been observed on a bank in Senegal, a financial services company in Chile, a tax firm in Colombia, and a government economic agency in Argentina using strains of malware that were later used in Europe and North America, writes cybersecurity firm Performanta (via Ars Technica).

One of these ransomware strains is Medusa, a variant that gets its name from being able to turn files "into stone" by stealing and encrypting data. It was first used against businesses in South Africa, Senegal, and Tonga in 2023. It was later used in 99 breaches in the US, UK, Canada, Italy, and France.

Medusa victims would see a file named !!!READ_ME_MEDUSA!!!.txt instructing them to start negotiations with the ransomware gang on the dark web. Failure to do so would result in the stolen data being published online.

Nadir Izrael, chief technology officer at cyber security group Armis, said that when attackers were discussing a new vulnerability, named CVE-2024-29201, earlier this year, they "specifically targeted a few [exposed servers] in third world countries to test out how reliable the exploit was." The gang's attacks were restricted to South East Asia before becoming more widespread.

Teresa Walsh, chief intelligence officer at global cyber threat intelligence body FS-ISAC, said some gangs perfect their ransomware techniques in poorer countries, such as Brazil, against less well-protected companies before exporting their attacks to richer nations that speak the same language, like Portugal.

Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, has a different take. She believes the increase in attacks on organizations in developing countries is due to ransomware gangs selling their product to less-sophisticated hackers in poorer nations. These attackers often do not understand how the malware works, so they only stage their attacks against less well-guarded targets.

In other ransomware news, a member of the notorious LockBit ransomware group was sentenced to four years in jail last month for infecting over 1,000 systems.

Considering the immense dependence upon the internet now by so many different groups, especially financial, medical, etc., ANY interruption of service can eventually cost lives, which should make this a capital offense punishable by very lengthy mandatory sentences including the death penalty. Yes, a death penalty needs to be applied any time the theft or disruption of services causes premature death; then the application is needed not only as punishment but to continue to cull out any chance of repeat offenders. Countries that house and hide offenders should be absolutely banned from the internet, which will require the internet creators and maintainers to step up their game and make isolation possible. A solution is very possible, but better controls are needed.
 
So working in Cyber Security, it all happens in a second: your IP address, router, MAC address, personal info it can find, ISP, route from ISP to next hop all the way to the final point is all recorded live. Hackers in the old days used to get away with this; nowadays it's not so easy.
In the old days hackers used to laugh when they said they hacked a Windows PC or Windows server; we used to think they were stupid. Once they showed live hacking on a Linux or Oracle server, that was different and took a whole different level of skills. When they got through and made changes to the server settings and completed a reboot, that put them in the top 2% of hackers.
Then the 13yr old comes along, hacks into the CIA head office in Langley and puts Mickey Mouse on all the desktops as a screen saver. 1 week later his dad is arrested, but on the basis he can go free if the family will relocate to the USA and his son studies there and at 18 is signed up for 6 yrs to work for them. What happened is there are many more hackers and a lot more have moved into the 2% because they grew up with it. Anonymous have at least 2000 professional hackers and around 200 underground; they don't know each other personally, at least they never make a meeting place, it's all online.....
 