Podcast: The Top 3 Ransomware Threats Currently Active In 2025

Top 3 Ransomware Threats of 2025

What are the top three ransomware threats currently active, and what makes them so dangerous?

In this episode of SentryBay’s Endpoints of View podcast we assess the top three ransomware threats currently active – LockBit, Lynx, and Virlock. LockBit is known for its efficient encryption, double extortion tactics, and use of a Ransomware-as-a-Service (RaaS) model, allowing widespread distribution. Lynx, a newer group, aggressively targets small and mid-sized businesses using double extortion tactics. Virlock is unique in that it not only encrypts files but also infects them, turning each into a polymorphic file infector, enabling rapid spread via cloud storage.

Talking Points:

  • How does LockBit’s Ransomware-as-a-Service (RaaS) model impact the spread of ransomware attacks?
    The RaaS model enables LockBit to expand its reach by allowing affiliates to distribute the malware. This means that multiple actors can deploy the ransomware, leading to widespread attacks across various industries and a greater volume of victims. This significantly increases the potential impact and makes it more difficult to track and stop.

  • Why are small and mid-sized businesses specifically targeted by the Lynx ransomware group?
    Lynx specifically targets small and mid-sized businesses because they often have weaker security measures compared to larger corporations, making them easier targets. Lynx exploits these vulnerabilities to quickly gain access and extort these companies, knowing they may be more likely to pay to avoid data breaches and operational disruptions.

  • How does the Virlock ransomware differ from other types of ransomware, and how does it spread?
    Virlock differs from traditional ransomware because it not only encrypts files but also infects them, making each encrypted file into a polymorphic file infector. This unique trait allows Virlock to spread rapidly, particularly via cloud storage and collaboration platforms. When an infected file is shared, collaborators who open the file inadvertently trigger the infection on their systems, leading to further propagation within an organization.

 

This episode also examines ways to counter the growing ransomware threat, including proactive defenses that block attacks at their source: specifically, adopting advanced tools that feature endpoint isolation to prevent keylogging and credential theft, which are common entry points for ransomware attacks.

Endpoints Of View is your go-to podcast for discussions on cybersecurity topics that touch on data breaches, credential theft and endpoint security. Information security professionals can tune in for fresh perspectives on defending secure cloud infrastructure, platforms, and applications from threat actors deploying keylogging, screen capture, and malicious injection infostealer malware.

Episodes are brought to you by SentryBay®, home of the Armored Client, the world’s most advanced endpoint protection, which mitigates credential theft and data leakage threats and secures all major VDI, DaaS and Web environments, client types and operating systems.

This podcast is also available via Spotify, Amazon Music and most podcast platforms.