New(est) rules in ransomware

[{"selector":"#anim-f6868599-e3cd-43b8-89c1-8dcc13f7efd1","keyframes":{"opacity":[0,1]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}]

New rulers

[{"selector":"#anim-df5211a4-2265-427f-aa3c-3ecf057b6c84","keyframes":{"opacity":[0,1]},"delay":0,"duration":3400,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-6df6315e-e3d0-471d-a0e6-36d1f4eaad93","keyframes":{"opacity":[0,1]},"delay":1000,"duration":2000,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] Ransomware group Sodinokibi, or REvil, accounted for 22% of ransomware incidents IBM Security X-Force responded to in 2020.

NEW RULES

[{"selector":"#anim-cfe60d98-bc4a-40a9-b43c-5a1bed71b2ca","keyframes":{"opacity":[0,1]},"delay":0,"duration":3400,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-7c6102ee-b124-453f-a513-3423aa0d1ace","keyframes":{"opacity":[0,1]},"delay":1000,"duration":2000,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] On top of encrypting data and demanding a ransom for the decryption key, Sodinokibi employed an added extortion tactic.

Sodinokibi playing dirty

[{"selector":"#anim-5b334a81-ec0b-45c2-8c83-05122d6ee830","keyframes":{"opacity":[0,1]},"delay":0,"duration":3400,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-9019d1f4-7b19-4b69-b312-69f5d3b255e0","keyframes":{"opacity":[0,1]},"delay":1000,"duration":2000,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] Sodinokibi used data leaks to pressure organizations into paying; around 43% of victims suffered this in 2020.

High stakes

[{"selector":"#anim-ca139d69-8133-4e6d-b47e-f74c2f0cd0ef","keyframes":{"opacity":[0,1]},"delay":0,"duration":3400,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-71768fbb-da83-44f1-8fed-d4ad48dafced","keyframes":{"opacity":[0,1]},"delay":1000,"duration":2000,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] Sodinokibi demanded ransom payments of 1-5% of annual revenue, which in one case was $42 million USD.

IBM Security X-Force estimates that Sodinokibi ransomware actors made about $123 million in 2020.

[{"selector":"#anim-b904d525-763f-49f6-bfe9-a788b9321261","keyframes":{"opacity":[0,1]},"delay":1000,"duration":2000,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}]

TO PAY OR NOT TO PAY?

[{"selector":"#anim-b6fe3f9c-2037-4315-856f-56ccd43e451f","keyframes":{"opacity":[0,1]},"delay":0,"duration":3400,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-0ff514ca-4452-481b-924a-3e79c872ea6f","keyframes":{"opacity":[0,1]},"delay":1000,"duration":2000,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] Whether to pay a ransom is a business decision; two-thirds of Sodinokibi victims paid in 2020.

BE PREPARED

[{"selector":"#anim-33b4d5d8-19a5-4e9b-994b-2a49b068d250","keyframes":{"opacity":[0,1]},"delay":0,"duration":3400,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-b9592fd8-4095-472f-9922-efe395fe8d06","keyframes":{"opacity":[0,1]},"delay":1000,"duration":2000,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] IBM Security X-Force recommends creating a plan that addresses ransomware and data extortion techniques and regularly drilling this plan.

ACTIONABLE INTELLIGENCE

[{"selector":"#anim-5baa83f9-b621-4724-bdc2-4643e121464d","keyframes":{"opacity":[0,1]},"delay":0,"duration":3400,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-78ba811f-e517-40af-bda8-79135a00a27b","keyframes":{"opacity":[0,1]},"delay":1000,"duration":2000,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] Learn to be proactive against threats with the IBM X-Force Threat Intelligence index.