Australian Authorities Uncovered Activities and Careers of Ransomware Criminal Groups

Ransomware has become a significant cybercrime threat, with criminal organizations conducting sophisticated attacks targeting critical infrastructure globally.
From 2020 to 2022, over 865 ransomware attacks were documented against organizations in Australia, Canada, New Zealand, and the United Kingdom. These attacks utilized advanced cryptoviral techniques to encrypt victims’ data systems, demanding cryptocurrency payments for decryption keys.
The evolution of these attacks has led to “double extortion” and “triple extortion” schemes where attackers threaten to sell or publicly expose stolen information, in addition to encrypting data.
Ransomware groups use various attack vectors, including botnets, malicious freeware, and sophisticated phishing campaigns, to gain initial access to target networks.
The emergence of Ransomware-as-a-Service (RaaS) has changed the cybercrime ecosystem, distinguishing between core ransomware developers and affiliate operators. Core groups focus on malware development, distribution infrastructure, payment processing, and maintaining leak sites, while affiliates handle system compromise, ransomware deployment, and ransom negotiations.
Research by the Australian Institute of Criminology indicates that Conti was the most prolific ransomware organization, with 141 attacks in three years, followed by LockBit variants with 129 attacks.
Technical Infrastructure and Operational Mechanisms
Modern ransomware operations involve advanced persistence mechanisms and detection evasion techniques. Initial access is often gained through credential stuffing attacks, exploitation of unpatched vulnerabilities, or social engineering campaigns, frequently aimed at exposed Remote Desktop Protocol (RDP) services.
Once inside, attackers move laterally using legitimate administrative tools such as PowerShell and Windows Management Instrumentation (WMI), which blend in with normal administration and help them avoid detection.
The persistence phase involves establishing multiple backdoors that hide behind legitimate system processes. Groups like Conti and LockBit conduct reconnaissance to map the network architecture, identify critical data repositories, and locate backup systems before deploying the encryption payload.
The encryption process uses strong, standard cryptographic algorithms; many groups use a hybrid scheme that combines a fast symmetric cipher for the file data with asymmetric (public-key) encryption to protect the symmetric keys, so that encryption is fast while the keys can only be recovered with the attackers' private key.
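The two initial-access and lateral-movement footprints named above (RDP credential stuffing and remote execution through WMI) can be spotted in endpoint telemetry. The following is an added defender-side example, not part of the article or the AIC study, run over constructed event records loosely modelled on Windows Security event 4625 (failed logon) and Sysmon event 1 (process creation); field names, hosts, IPs and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample telemetry (not real logs): 25 failed RDP logons for 25
# different accounts from one source, some benign local failures, and two
# PowerShell launches, one of them parented by the WMI provider host.
SAMPLE_EVENTS = [
    {"id": 4625, "host": "rdp-gw01", "src_ip": "203.0.113.7",
     "logon_type": 10, "user": f"user{i:02d}"} for i in range(25)
] + [
    {"id": 4625, "host": "ws-12", "src_ip": "10.0.0.5", "logon_type": 2, "user": "alice"},
    {"id": 4625, "host": "ws-12", "src_ip": "10.0.0.5", "logon_type": 2, "user": "alice"},
    {"id": 1, "host": "fs-01", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -c whoami"},
    {"id": 1, "host": "ws-12", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe Get-ChildItem"},
]

# Interpreters whose appearance under WmiPrvSE.exe is worth an alert.
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def detect_rdp_credential_stuffing(events, min_distinct_users=20):
    """Flag (host, src_ip) pairs with failed RDP logons across many distinct accounts.
    LogonType 10 is RemoteInteractive (RDP). Many different usernames failing from one
    source is the credential-stuffing pattern, unlike one user mistyping a password."""
    users = defaultdict(set)
    for e in events:
        if e.get("id") == 4625 and e.get("logon_type") == 10:
            users[(e["host"], e["src_ip"])].add(e["user"])
    return {key: len(names) for key, names in users.items() if len(names) >= min_distinct_users}


def detect_wmi_spawned_shell(events):
    """Flag shells whose parent is WmiPrvSE.exe: the WMI provider host spawning
    powershell/cmd is the footprint of commands executed remotely over WMI."""
    hits = []
    for e in events:
        if e.get("id") != 1:
            continue
        parent = e["parent"].rsplit("\\", 1)[-1].lower()
        image = e["image"].rsplit("\\", 1)[-1].lower()
        if parent == "wmiprvse.exe" and image in SHELLS:
            hits.append((e["host"], e["cmdline"]))
    return hits


if __name__ == "__main__":
    print(detect_rdp_credential_stuffing(SAMPLE_EVENTS))  # one source hitting rdp-gw01
    print(detect_wmi_spawned_shell(SAMPLE_EVENTS))        # one WMI-spawned shell on fs-01
```

The thresholds are starting points; in production, scope the failed-logon count to a time window and baseline administrators who legitimately use WMI.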
Most Active Ransomware Groups
| Ransomware Group | Total Attacks | Active Years | Model |
|---|---|---|---|
| Conti | 141 | 2020-2022 | RaaS |
| LockBit (Combined) | 129 | 2021-2022 | RaaS |
| Pysa | 48 | 2020-2021 | Traditional |
| REvil | 43 | 2020-2021 | RaaS |
| NetWalker | 37 | 2020-2021 | RaaS |
Sector Targeting Distribution
| Sector | Total Attacks | Primary Targets |
|---|---|---|
| Industrial | 239 | Manufacturing, Building Products |
| Consumer Goods | 150 | Retail, Food & Beverage |
| Real Estate | 93 | Property Development |
| Financial Services | 93 | Banking, Insurance |
| Technology | 92 | Software, IT Services |
The industrial sector was the primary target, with 239 attacks in total. This reflects both its critical nature and its vulnerability to operational disruption: organizations that cannot tolerate downtime are more likely to pay ransoms in order to restore operations quickly.