The Gately Report: Zscaler Tracks New, Increasingly Dangerous Ransomware Group, Most Targeted Types of People
Universities are leaving students vulnerable to email-based attacks.
The Zscaler ThreatLabz team is monitoring Industrial Spy, a relatively new ransomware group that emerged in April and has since racked up at least 37 victims.
Zscaler disclosed its findings on Industrial Spy ransomware in a blog. Key points about Industrial Spy include:
The threat group exfiltrates and sells data on its dark web marketplace, but does not always encrypt a victim’s files.
The ransomware utilizes a combination of RSA and 3DES to encrypt files.
Industrial Spy lacks many common features present in modern ransomware families like anti-analysis and obfuscation.
The threat group is consistently adding roughly two to three victims per month to its data leak portal.
Todd Meister is Zscaler’s senior vice president of global partners and alliances.
“This group started out as a data extortion marketplace, where criminals bought and sold stolen internal data from large companies,” he said. “However, they now decided to start creating their own tools and tactics. So far, it appears that Industrial Spy are still establishing themselves, switching between traditional ransomware, when it only steals and ransoms data, and double-extortion ransomware, defined by the encryption, exfiltration and ransom.”
Industrial Spy Gets Results
What makes Industrial Spy so dangerous is that while the group lacks many common features present in modern ransomware, it’s already proven that it can achieve results, Meister said.
The group sells stolen data from two to three new companies every month on its data leak portal.
“This means that Industrial Spy can continue updating its ransomware with new features and threaten more organizations for a longer period of time,” Meister said.
Industrial Spy may continue to present a threat as long as it can continue breaching new organizations, he said.
Zscaler said many players come and go in the ransomware market, and it’s difficult to determine which groups will stay for the long term. However, this threat group is likely to stay, at least in the near future. And more ransomware updates and features are likely to follow.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.