Cookie Notice

We use cookies to analyse site traffic and optimise your browsing experience. Accepting necessary cookies is required to provide you with a minimum level of service. Read Cookie Statement

Get In Touch
Contact Us

Contact Us

Please get in touch using the form below

1000 characters left
View our privacy policy
Experiencing a breach? Get emergency incident response assistance.
Last updated on

Keeping up-to-date with current and emerging cyber threats can be challenging.

Organisations can stay in touch more easily with key insights from The Monitor, a regular digest of Kroll’s global Cyber Risk case intake. In this blog post, we outline the issues covered in the latest edition.

The Monitor is a free regular round-up of Kroll’s global cyber risk cases which analyses the most common cyber threats investigated by our experts around the world.

Kroll The monitor volume 6 picture of front cover

Volume 6 covers the following topics:

 

DDoS attacks by extortionist threat actors

Our experts have noticed an increase in distributed denial of service (DDoS) attacks by cybercriminals seeking to turn a profit in two distinct incident types. First, many ransomware operators are now threatening and conducting DDoS attacks as an additional pressure tactic during the ransom negotiation process. Second, also known as ransom denial of service (RDoS), attackers are threatening DDoS attacks that will take down an organisation’s public-facing services unless a ransom is paid.

In this edition of The Monitor, we cover the main issues relating to these types of attacks and the steps your organisation can take, and share a case study to illustrate the potential challenges.

 

Initial Access Brokers

We have observed an uptick in actors offering network access on the dark web, particularly in the wake of recent disruptions to the ransomware-as-a-service (RaaS) ecosphere, such as the ban on ransomware discussions in notorious underground criminal forums. We discuss our observations, outline an example engagement and share best practices to mitigate against this growing threat.

 

PYSA ransomware

PYSA (which stands for Protect Your System Amigo) is the most recent ransomware variant known to have been distributed by the Mespinoza Ransomware as a Service (RaaS) gang. We have consistently observed PYSA in our incident response engagements since 2020 and have noted an increase in frequency of this variant since the second quarter of 2021. Our update covers tactics, techniques and procedures (TTPs) used by the gang, victim trends and recommendations.

 

Browse recent editions of The Monitor