
The Growing Threat of Encryption-Less Ransomware: Evolving Tactics of Cybercriminals

In recent times, security researchers have issued a warning regarding the rise of encryption-less ransomware, highlighting its emergence as a significant trend among sophisticated hacker groups. According to analysis conducted by Zscaler, there has been a 40% increase in ransomware attacks over the past year, with encryption-less techniques being identified as one of the most noteworthy tactics employed by threat actors.

The study revealed that throughout the year, 25 new ransomware families were discovered utilizing either double extortion or encryption-less techniques, indicating the growing popularity of this method among cybercriminals. Zscaler’s ThreatLabz noted that in 2021, they observed 19 ransomware families employing double or multi-extortion approaches, which has since grown to 44 families adopting such tactics.

Initially observed with groups like Babuk and SnapMC, encryption-less attacks have since been adopted by several new groups, including RansomHouse, BianLian, and Karakurt.

So, what exactly is encryption-less ransomware? Unlike traditional ransomware attacks where threat actors compromise an organization, encrypt its data, and demand a ransom for recovery while threatening to leak the stolen data, encryption-less attacks skip the encryption process. In this technique, also known as “extortion-only” attacks, the threat actors still threaten to expose victims’ data unless a ransom is paid, but without encrypting the data itself.

By skipping the encryption process, cybercriminals are able to expedite their attacks and potentially generate larger profits. Developing effective encryption payloads requires software engineering expertise, which may deter some cybercriminals from pursuing ransomware operations. Encryption-less attacks eliminate the need for encryption, allowing threat actors to avoid software development cycles and decryption support, resulting in faster and more lucrative attacks.

One of the most active groups employing encryption-less attacks is BianLian, as highlighted by LogPoint’s research. The group has shifted away from double extortion methods due to the availability of publicly released decryptor tools, such as those from Avast. As a result, BianLian has intensified its extortion-only approach, forgoing system encryption.

Other groups that have employed an extortion-only model in recent years include LAPSUS$ and the notorious Cl0p ransomware outfit. Cl0p deviated from its traditional double extortion tactic during the GoAnywhere breach and opted for a pure extortion attack. A similar approach was observed during the MOVEit breach, believed to have affected numerous organizations, marking the second major supply chain attack of the year.

The growing trend of encryption-less ransomware techniques allows threat actors to operate discreetly and often with impunity. Deepen Desai, global CISO and head of security research at Zscaler, emphasized that ransomware authors are increasingly staying under the radar by launching encryption-less attacks involving large-scale data exfiltration. Although victims still suffer severe impacts and financial burdens, this technique is harder to detect and receives less attention from authorities since it does not involve locking files and systems.

Furthermore, encryption-less attacks result in less downtime for affected organizations, as they are not faced with a lengthy recovery process. This reduced disruption leads to lower reporting rates, as victims are less likely to report incidents that do not significantly disrupt their business operations.

In conclusion, the rise of encryption-less ransomware poses a growing threat in the cybersecurity landscape. The evolving tactics employed by cybercriminals allow them to fly under the radar, conduct large-scale data exfiltration, and demand ransoms without encrypting the compromised data. It is crucial for organizations to remain vigilant and implement robust security measures to mitigate the risks associated with this emerging trend.
