What You Need to Know About Hacker Gangs & Ransomware

December 8th, 2021   |     |  security & compliance

It takes a single click to compromise an entire network. With COVID-19 moving everything we do online, unless we learn about how hackers conduct their attacks, we are much more likely to click that link.

Because of all the sensitive data being stored on the internet and the increase in networking between systems, attacks by hacker gangs and cybercrime rates have increased tenfold.

Hacker gangs are just what they sound like: hackers who work in groups, but often these groups work towards a goal rather than simply hacking a system out of boredom - which is surprisingly very common among individual hackers. This goal could be money, activism (known as ‘hacktivism’) or even politics.

Famous Hacker Gangs

From professionals to individuals - everyone is fascinated by hacker gangs, particularly with how much they dominate the news when it comes to cybersecurity.

The Shadow Brokers, for example, first appeared in 2016 and leaked some dangerous hacker tools. One of these included EternalBlue, which was used in some of the largest global attack campaigns in history. EternalBlue is a hacking tool developed by the National Security Agency (NSA). It takes advantage of a vulnerability in the Microsoft OS and enables the NSA to gather a boatload of foreign intelligence. Unfortunately, this tool has been stolen from the NSA and is now in the hands of the hacker gangs.

The Lazarus Group is also notorious for the same thing: the leak of EternalBlue, which resulted in more than 130,000 computers infected with the WannaCry ransomware. This included companies, governments, and even hospitals.

Fancy Bear, more commonly known as APT28, was allegedly the one responsible for the attack on the Democratic National Committee in 2016. The group was presumed to be working from Russia since 2008. They’d been attacking companies and organizations with malware in some of major sectors like defense and energy.

Anonymous is one of the most well-known hacker groups, operating world-wide and remaining completely decentralized. Their hacks tend to lean more towards hacktivism, focusing on social issues and giving them a sort of ‘fanbase’ on the internet.

There are plenty more hacker gangs out there: Morpho, Chaos Computer Club, Ajax, Dragonfly. The list goes on.

Though many of these groups aim to work against the law, you’d be surprised to find that some of them are actually state-sponsored. APT28 or Fancy Bear, mentioned above, is allegedly sponsored by the Russian government, while the Lazarus Group is associated with North Korea.

What is Ransomware?

One of the most common ways hacker gangs attack their targets is through ransomware.

The way it works is pretty simple. Malware is introduced into the victim’s system, which encrypts all their files. The attacker then demands money in return for a decryption key, without which the victim wouldn’t be able to access their files – hence the name ransomware.

This can range from a few hundred dollars to thousands or millions, now usually paid in bitcoin so that it can’t be traced.

Attackers may pretend to be law enforcement agencies that claim to have shut down a computer due to the presence of pornography on it and demand a ‘fine.’ This is to make victims less likely to report the attack but most hackers don’t usually bother with this.

Ransomware may also show up as ‘leakware’ or ‘doxware’ where the hackers threaten to release sensitive information from the victim’s computers if the ransom isn’t paid. Encryption remains the most common and dangerous type though, because decrypting encrypted files without a key is virtually impossible.

How to Stop Ransomware Attacks?

The easiest way to avoid ransomware attacks is to be proactive with your security so that the system detects the ransomware before it has the chance to attack.

Having a good, strong antivirus solution is one of the most important ways to do this. Antivirus solutions block all kinds of malware from infecting your system and give you the ability to see when and how the system has been compromised, if it does get infected. You can also protect your system against downloads that contain malicious files or from websites that can be risky.

Since ransomware is most commonly delivered through email, having good email security is also important so you can keep it from being delivered to you and thus reduce the chances that it is installed on your device at all.

If, in the worst-case scenario, your system does get infected, you should always have a backup of your files on hand, so that you can recover from the attack.

REvil Takedown: How Effective Is It?

Recently, REvil (which stands for Ransomware Evil), a notorious hacker gang out of eastern Europe, was taken down by the joint efforts of the Romanian Police, the DOJ and Europol. Three alleged hackers were arrested after raids, both on and offline. REvil has been blamed for some major attacks on international businesses over the past few years, and the US announced that it retrieved more than $6 million in cryptocurrency during the operation.

Since REvil is one of the most high-profile cybercrime gangs to emerge in the past few years, this means that this takedown is a big deal for cybersecurity. With the cooperation of multinational police, this is probably the end of REvil.

But the problem with cybercrime isn’t over yet. There are a number of major hacker gangs still out there – many of which we mentioned earlier. Though this takedown has been a huge success, especially after the surge in ransomware attacks since the pandemic sent us all online, there is still a ways to go from here.

Alicia Townsend, Dir. of Content and Documentation
About the Author

For almost 40 years, Alicia Townsend has been working with technology as both a consultant and a trainer. She has a passion for empowering others to use technology to make their lives easier. As Director of Content and Documentation at OneLogin, Ms. Townsend works with technical writers, trainers and content marketing writers to inspire and empower everyone to take advantage of what OneLogin’s platform has to offer them.

View all posts by Alicia Townsend

Alicia Townsend, Dir. of Content and Documentation
About the Author

For almost 40 years, Alicia Townsend has been working with technology as both a consultant and a trainer. She has a passion for empowering others to use technology to make their lives easier. As Director of Content and Documentation at OneLogin, Ms. Townsend works with technical writers, trainers and content marketing writers to inspire and empower everyone to take advantage of what OneLogin’s platform has to offer them.

View all posts by Alicia Townsend

Secure all your apps, users, and devices