Ransomware busts and the risks of password reuse

You can always depend on ransomware to make frequent data security headlines.  Recent news from France details how members of the Egregor ransomware group, “suspected of initiating hundreds of ransomware attacks dating back to September 2020,” have been apprehended in a combined Franco-Ukrainian operation.  Those arrested are specifically affiliates and others working for the group.  Details of the operation are still incoming, but it seems that, in spite of these efforts, the core masterminds of the group were not part of the roundup.  Even so, ZDNet has observed that Egregor’s online web services and malware servers have been offline since Friday.

According to analysts, Egregor has operated much as any modern ransomware group does.  Offering their newest strains as a service, they rely on these affiliates to spread the virus and then give them a substantial cut of the ransom.  Furthermore, rather than limiting themselves to simply locking down valuable data, as in the past, they and others these days threaten to publicly share it if payment isn’t forthcoming.  They even host their own platform on the dark web where they expose the data for all to see (which is part of the infrastructure that has been offline since last week).

Ransomware continues to be such a profitable strategy for cyber criminals for a number of reasons, most of which boil down to insufficient precautions taken to safeguard data.  SpyCloud reports that over 543 million Fortune 1000 employee breach credentials are available on the dark web, partly because nearly 80% of employees at these businesses reuse passwords between personal and work accounts.  Even in 2021, compromised credentials of this sort remain the most common method hackers use to infiltrate.  “People don’t seem to realize just how often their credentials end up in criminal hands or how stolen passwords can be used to access other accounts they think are safe,” says Chip Witt, SpyCloud’s VP of product management.  Such unwitting actions make it easier for criminals to exploit stolen credentials.

Of those credentials, over 133,000 belong to C-suite executives.  Passwords like “123456” and “password” are also, somehow, still the most commonly used, says the study; the practice also seems to be highest in the media industry, at 85%.

Reuse breeds risk to all your data.  Switch up your passwords across accounts to reduce the rewards cyber criminals hope to make.


By: Jonathan Weicher, posted on February 17, 2021
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security