The Gately Report: Zscaler Tracks New, Increasingly Dangerous Ransomware Group, Most Targeted Types of People

Universities are leaving students vulnerable to email-based attacks.

Edward Gately, Senior News Editor

August 5, 2022


The Zscaler ThreatLabz team is monitoring Industrial Spy, a relatively new ransomware group that emerged in April and has since racked up at least 37 victims.

Zscaler disclosed its findings on Industrial Spy ransomware in a blog. Key points about Industrial Spy include:

  • The threat group exfiltrates and sells data on their dark web marketplace, but does not always encrypt a victim’s files.

  • The ransomware utilizes a combination of RSA and 3DES to encrypt files.

  • Industrial Spy lacks many common features present in modern ransomware families like anti-analysis and obfuscation.

  • The threat group is consistently adding roughly two to three victims per month on their data leak portal.

Todd Meister is Zscaler’s senior vice president of global partners and alliances.


“This group started out as a data extortion marketplace, where criminals bought and sold stolen internal data from large companies,” he said. “However, they now decided to start creating their own tools and tactics. So far, it appears that Industrial Spy are still establishing themselves, switching between traditional ransomware, when it only steals and ransoms data, and double-extortion ransomware, defined by the encryption, exfiltration and ransom.”

Industrial Spy Gets Results

What makes Industrial Spy so dangerous is that while the group lacks many common features present in modern ransomware, it’s already proven that it can achieve results, Meister said.

The group sells stolen data from two to three new companies every month on their data leak portal.

“This means that Industrial Spy can continue updating its ransomware with new features and threaten more organizations for a longer period of time,” Meister said.

Industrial Spy may continue to present a threat as long as it can continue breaching new organizations, he said.

Zscaler said many players come and go in the ransomware market and it’s difficult to determine the groups that will stay for the long term. However, this threat group is likely to stay at least in the near future. And more ransomware updates and features are likely to follow.


About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
