Understanding Corporate Ransomware – A Case Study in the Nordics
2025 (English)In: Cybersecurity: Proceedings of the 9th European Interdisciplinary Cybersecurity Conference / [ed] Isabel Praça, Simona Bernardi, Pedro R.M. Inácio, Springer, 2025, Vol. 2500 CCIS, p. 82-97Conference paper, Published paper (Refereed)
Abstract [en]
Ransomware is continuously evolving and has recently seen record-breaking payouts. This paper describes developments in corporate ransomware which have contributed to this continued rise. It provides an interdisciplinary case study of a ransomware campaign conducted in northern Europe during 2023 and 2024. We argue that underlying factors, including the broad rollout of personal cloud backups, have caused modern ransomware groups to shift towards expending more effort per attack in order to attack bigger targets. We perform an analysis of such an attack using a combination of internal and open sources, as well as using forensic techniques. The analysis shows how the attackers approach high-value targets, use both traditional crypto-ransomware tools and hacking, and utilize multiple avenues of extortion to negotiate the highest possible ransom.
Place, publisher, year, edition, pages
Springer, 2025. Vol. 2500 CCIS, p. 82-97
Series
Communications in Computer and Information Science ; CCIS, volume 2500
Keywords [en]
Personal computing, Akira, Breakings, Case-studies, Corporates, Double extortion, Internal source, Malwares, Open-source, Personal clouds, Underlying factors, Malware
National Category
Computer Sciences
Research subject
Computer Science; Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-106249DOI: 10.1007/978-3-031-94855-8_6ISI: 001552002800006Scopus ID: 2-s2.0-105009287108ISBN: 978-3-031-94854-1 (print)ISBN: 978-3-031-94855-8 (electronic)OAI: oai:DiVA.org:kau-106249DiVA, id: diva2:1982432
Conference
9th European Interdisciplinary Cybersecurity Conference, EICC, Rennes, France, June 18–19, 2025.
Funder
Knowledge Foundation2025-07-082025-07-082026-02-12Bibliographically approved