Redefining “Gangs” In the Age of Ransomware and Critical Assets Targeted as Collateral

Act Now - Protect Your Business!

For decades at a time, when anyone heard the word “gang” they automatically associated it with violent crime in the streets of the slums or “the hood”, the underworld of hustling, drive-by shootings, drug trafficking, intertwined with ulterior motives, politics and often monetary incentive. But gang warfare today and violent crime have taken a new shape and position. In the world of government and political conflict, so much of what makes the news as a severe threat to national and local security is related to malicious attacks on critical IT infrastructures, with the compromise of highly sensitive data and critical assets. From secret service research, to warfare strategies and allied communication. We’re talking global-scale international threats.

Today, the malicious attacks of gangs have transitioned into cyberspace, frequently executed through online communication on social media with bribery and ransomware breaches, and correlated conspiracies in the internet’s gloomy underworld, the dark web. Imagine that in 2020 the 15 billion user and account credentials that were for sale on the dark web, (an astronomical amount of sensitive data), was already three times the amount of user account access data that was for sale to hackers just two years prior. A gathering place for hackers and online criminals, the dark web now serves as a huddle-up spot for the new technology-driven face of gangs, a sort of headquarters for lone wolves and gangs to sell sensitive data as collateral for sums. 

It’s important to note that all of these credentials and the data they include provide hackers with access to cloud solutions and their data. In other words, digital identity is the key to accessing cloud data that can bring full operations to a standstill with one malicious breach. Once a hacker has logged into a SaaS solution or cloud-based app, hackers find backdoor entry points to breach the overall cloud infrastructure, and when compromised, full operations can come to a halt and point of no return. What’s even more concerning and worthy of a raised eyebrow is that most Digital Identity Access Management systems don’t come with out-of-the-box backup and recovery features or options. But, the solutions Identity Access Management systems (IAM) provide access to are often home to mission-critical assets that can make or break business progress, depending on how they’re utilized or who’s hands they land in.


Cybercrime gangs have mercilessly brought presidents and prime ministers to break a cold sweat, targeting critical infrastructures of organizations that directly wage war on nations these hackers support. And based on tracking data collected by the dark web monitoring platform DarkTracer, this Russian gang Conti has reached cybercrime glory, in the lead with nearly 200 more attacks on organizations than the most prolific gang today. And these hoodlums are waging war with serious force and strategy, just days ago threatening cyber attacks on the critical infrastructures of countries opposing Russia’s current invasion of the Ukraine, with their ideology paralleled to that of the Kremlin’s.


World War III is a CyberSpace Battle in the Making: Russia Versus Ukraine

What’s at stake? Full operational flows of government organizations with the most sensitive forms of data on the verge of being compromised. From secret service strategies and investigative insights, to warfare and negotiation tactics, the potential disclosure of data of nations allied with the Ukraine could be compromised with a large-scale breach that bears weight so heavy, Australian government officials are weary of their position and stance.

Sound scary? That’s because it is. 

With Russia’s historical use of cyber attacks to threaten adversaries and leave them defenselessly frail, Conti brought the world to the edge of their seats with their attack positioned to be the beginnings of the “first full-scale cyber war in the making”.

Condemning the war in the Ukraine while indicating they were not aligned with any one particular government, Conti threatened cyber attacks on Ukrainian ally governments from a standpoint of political identification and stance with suffering civilians. The gang stated:

“Since the West is known to wage it’s wars primarily by targeting civilians, we will use our resources in order to strike back if the wellbeing and safety of peaceful citizens will be at stake due to American cyber aggression.”

To create context for the potential impact and capacity a cyberattack of this scale and type from this perpetrator can mean to western allies of the Ukraine, like Australia, Conti executed the December 2021 cyber attack on CS Energy owned by the Queensland government, along with two additional state attacks of critical infrastructures, with the direct victim undisclosed. The gang fearlessly promised to apply full force in all of these attacks in order to “[…] deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia.”

It’s hard to say it’s that much of a hidden agenda, but let’s just say that Conti’s previous attacks on medium and large scale enterprises came with incentive for sizable payouts.


What’s the Defense Strategy for Companies At Risk?

Scott Morrison, Australian Prime Minister is urging organizations to adopt heightened cyber security measures to protect critical assets due to the political escalation and the escalation of conflict in the Ukraine. Morrison stated:

“There has been a pattern of cyber attacks against Ukraine and that continues now […] Malicious cyber activity could impact Australian organisations through unintended interruption or unmaintained cyber activities.”

Institutions like the Australian Cyber Security Center have suggested taking advanced measures in detecting malicious attackers or attacks in progress to ensure strategic “mitigation and response measures.”


What Can Organizations Do To Protect Themselves?

With over 83% of companies citing at least one breach as access-related in 2020, today’s circumstances for SMBs and enterprises in various industries and verticals aren’t promising or particularly optimistic with the ongoing developments of new technologies that bring with them a multitude of misconfigurations and human errors that can produce vulnerabilities. Digital Identity The backdoors to hackers open with greater ease as an increasing number of applications  develop that house critical assets, with new strategies for breaches developing daily. 

Mission critical IT assets now require even greater protection and attention, with proactive measures and the responsibility to protect data with backup and recovery at the hands of their owners – the organization’s creating and storing them. If government organizations find themselves at the mercy of hacker gangs like Conti, just imagine the level of vulnerability of companies that have taken less security precautions to protect mission critical assets. And in the event of a breach of the cloud infrastructure, if proactive measures and data backup is performed regularly with a tool designed to protect mission critical assets housed in the cloud, recovery and resuming business as usual is an exponentially easier process. What’s more, Identity Access Management systems like OKTA are the doorway to all cloud-based applications of a particular user or multiple users within the enterprise or organization. For a solution like OKTA, there is no out of the box recovery or backup feature, and the demand for a third party solution is high. Imagine a system that governs and manages all cloud-based apps that require identity verification and authentication without backup and recovery. How does an organization get moving again?

Minimizing the risk of operational downtime, irreparable brand damage, or even national security concerns using a full tenant recovery solution that maximizes digital identity data retention can prove to be the smartest and most cost-effective route to protecting mission-critical assets and all data housed in the cloud.

Published at on 13 Mar 2022.

Okta api security-acsense
Brendon Rod

How to Secure Your OKTA API

OKTA is by far one of the most widely-used application programming interfaces for cloud identity and access management. But many users mistakenly assume that it

We are accSenSe Team

Digital Identity Resilience is crucial to bouncing back from cyber-attacks quickly, fixing a human error, and managing change. accSenSe will provide strategic value for your IT. Diagnose and remediate posture changes within your IAM system. Get back to business as usual within hours and ensure business loss is kept to a minimum. Low RPO and high granularity, Keeping data retention to a maximum. Handle change and growth safely and securely, avoid misconfiguration.


In a time where Ransomware attacks and account takeovers are growing fast, Cloud Data is at ever-increasing risk.


Regain Control over your SaaS systems following a cyber attack.


Cloud apps are dominating the software industry. Companies hold their most valuable data in these apps.


Recover not only SaaS data but also the SaaS configuration and setup.


Cloud vendors are legally unbounded from protecting the cloud data with the shared responsibility model.

Business as Usual

With Adjustable RPO and a low RTO, you can be back in business in no time.