ESET Analysts Discover Collaboration Between Cybercriminal Groups to Target SMBs

SECURITYESET Analysts Discover Collaboration Between Cybercriminal Groups to Target SMBs

ESET analysts have uncovered that several well-known cybercriminal groups have begun collaborating to increase the effectiveness of their attacks on small and medium-sized businesses (SMBs). This time, the victims of ransomware attacks were primarily SMBs across Europe and Asia, with Poland once again among the most frequently targeted countries.

Kamil Sadkowski, an analyst at ESET’s antivirus lab, comments on the situation:

“Ransomware is a type of malicious software that encrypts a user’s data and demands a ransom for its decryption. It can target personal devices, such as computers and smartphones, but also corporate networks. It spreads in various ways, including through emails.”

In their latest research, ESET analysts observed attacks on SMBs in industries such as manufacturing, pharmaceuticals, law, education, healthcare, technology, hospitality, financial services, and regional administration. SMBs are often vulnerable because they frequently use software targeted by cybercriminals and lack adequate processes for managing security updates. Small businesses are ideal targets for cybercriminals since they are less likely than large organizations to have proper security measures or dedicated cybersecurity teams. Additionally, criminals assume that there is a higher chance of receiving a ransom from a small company rather than a large corporation, which typically has access to legal and advisory teams.

Ransomware attacks happen frequently, but many of them go unreported. Many companies and institutions do not publicly disclose that they have fallen victim to cybercriminals, especially if they decide to pay the ransom.

A new aspect of ESET’s discovery involves **ransomware-as-a-service** (RaaS), where ransomware is offered as a business service. This form of attack has become so popular that cybercriminal groups are now developing tools for other groups. These interconnected networks of criminals highlight the increasing professionalism within the cybercrime community, which is deeply concerning.

Research shows that **80% of targeted companies choose to pay the ransom**, but this is not advisable for two main reasons. First, when criminals profit from their activities, they will continue. By trying to protect your company from data loss, you are inadvertently supporting the growth of the criminal ecosystem. Second, there is no guarantee that you will actually recover your data. Why trust promises from people who illegally accessed your system and are blackmailing you? In fact, **21% of organizations that paid the ransom were still unable to prevent the publication of the data they were trying to protect**[1].

What to do if you fall victim to ransomware?

  • Disconnect the affected device from the network. In practice, this means immediately unplugging it from the power source.
  • Learn as much as possible about the attack: how it started, how it spreads, and whether it is possible to recover data from backups.
  • Make a critical decision: Is the attack spreading so widely and quickly that it is worth temporarily halting business processes? This can significantly limit the spread of the attack.
  • Immediately update security systems and other software on all company devices, including mobile devices.

However, the most important step is to protect your business so that it doesn’t fall victim to such an attack in the first place. Polish companies cannot afford to be careless—as recent reports have shown, Poland is increasingly among the top-targeted countries. Therefore, it is crucial not to neglect regular software updates across all devices. Outdated software is often the gateway through which cybercriminals infiltrate systems.

[1] [Forbes: The Sobering Truth About Ransomware for the 80% Who Paid Up](https://www.forbes.com/sites/daveywinder/2023/05/30/the-sobering-truth-about-ransomware-for-the-80-percent-who-paid-up/?sh=120032e39f64)

Source: [ManagerPlus: Known Cybercriminal Groups Join Forces to Target SMBs in Europe and Asia, Poland Among the Most Targeted Countries](https://managerplus.pl/znane-grupy-cyberprzestepcze-lacza-sily-by-atakowac-msp-w-europie-i-azji-polska-wsrod-najczesciej-atakowanych-krajow-61920)

Exit mobile version