Black Basta ransomware

Big game hunting: Ransomware gangs adopt a nation-state attack model

Print Friendly, PDF & Email

Ransomware has been around for decades and has been through several transformations to become what it is today.  From the 1989 ‘AIDS’ ransomware to the 2021 Colonial Pipeline attack, ransomware criminals have frequently surprised us with their destructive ingenuity.  One of the more recent developments is their embrace of a ‘nation-state cyberattack’ model, in that they direct significant effort into the compromise of a well-researched high-value target.

Ransomware criminals traditionally relied on a numbers game.  They deployed massive spam campaigns to reach as many people as possible, knowing that there was always a percentage of targets who would get infected and pay the ransom.  As the ransomware “industry” matured, these criminals became experts in this type of crime.  Individual threat actors who have proven their worth in the underground economy can move among hacking gangs the way that the rest of us might move to new companies to advance our careers.  Gangs have also been known to form ‘partnerships’ to share resources.  The combination of experience, skill, and innovation enables these groups to be very deliberate and agile in their attacks.

Darkside introduction note. Source: Krebs on Security

This relatively new method of targeting specific victims is known as ‘big game hunting' and it’s been very effective at creating big paydays for the hackers.  It’s also raised public awareness of ransomware and elevated the response of many governments around the world.  When ransomware criminals are interfering with schools, small businesses, and local governments, the problem and the outrage remain local to the region.  When ransomware shuts down pipelines and major food suppliers, it gets everyone’s attention.

Darkside introduction note. Source: Krebs on Security

Big game hunters may carefully analyze public documents for budget information, but that doesn’t mean that they fully understand their targets.  The Conti gang demanded $40 million from Broward County Public Schools in a ransomware attack earlier this year.

With 271,000 students, Broward is the nation’s sixth-largest school district with an annual budget of about $4 billion – a fact the hackers kept returning to as they demanded $40 million, to be paid in cryptocurrency.  …

“It is a possible amount for you,” the Conti gang said early in its negotiations with a district official …

“This is a PUBLIC school district,” the Broward negotiator replied. “You cannot possibly think we have anything close to this!”

While it’s good to see more urgency and collaboration in the response to ransomware, companies are still on their own when the threat comes knocking on the door.  The best way to prepare for a ransomware attack is to have a plan in place to NOT pay a ransom.  Barracuda has a simple 1-2-3 process to help you keep your organization safe:

  1. Protect your credentials. Use email security that protects users from phishing attacks that steal login information.  Stolen credentials are an important tool for ransomware gangs.
  2. Protect your applications. The majority of data breaches are a result of compromised web forms, e-commerce sites, customer service portals, partner portals, and other web applications.
  3. Back up all of your data. Even data that is stored in the cloud can be vulnerable.  Office 365 data can be protected with third-party backup that offers longer retention than the native Microsoft protection.

Barracuda has a full line of solutions to support you in your fight against ransomware and other attacks on your company.  See how we can help you by visiting our website at

Scroll to top