The ransomware group turned to the "impersonation" strategy.

The ransomware group turned to the "impersonation" strategy to release more ransomware into the system than before.

Ransomware or Ransomware is a serious threat for businesses because it can lead to data loss and millions of dollars can be shut down by the company. But from this news, entrepreneurial readers may be interested to learn what tactics these criminals have used so that malware can access the system.

According to a report by the website Cyber Security Dive, a recent report from Cloudflare, a company that uses website protection against online attacks, has identified a change in the trend of ransomware attack methods to access the victim's system, which has changed from using sophisticated code to hack into the system and then drop the ransomware, as was often done in the past, to using impersonation to deceive the victim with phishing methods, which leads to the theft of the victim's account to access the organization's system and place the ransomware into the system, and another method that has been recognized. Equally popular, it is easy to exploit random passwords with weak protection, leading to theft of the victim's account. In addition, internal collaborators are used to access the targeted company systems.

In addition to the trend of such attacks, the report has also revealed a number of important data, such as that manufacturing and critical infrastructure groups have been detected as the primary targets of ransomware groups in up to 50% of all industries. Not only has the research also found that hackers who develop ransomware are more likely to adopt AI or Artificial Intelligence of the Large Language Model (LLM) to make ransomware smarter and more automated by using it. The AI task was not intended to create an unparalleled complex ransomware, but was more focused on its full performance.

In the area of disguise to steal money, the study found that during the year 2025, crooks used disguise methods to steal money worth $123.5 million ($3,995,966,000). The average amount that this crooks tried to plough money from the victims would fall to about $49,000 each through disguising themselves as trustworthy individuals or organizations, talking to the victims' organizations, and calling money, doing everything like a typical business activity, which the victims would usually transfer to the crooks.

The report also noted different attributes away from the uniqueness of hackers from each major nation, as follows:

Hackers from Russia tend to use high-volume attacks, with wide targets.

Hackers from China will use stealth to lurk inside supercritical infrastructure systems.

Hackers from North Korea will focus their attacks on people using trust-building methods.

Hackers in each nation also use Trusted Platforms in their operations:

Chinese hackers have found use of Google Calendar as a malware controller (C2 or Command and Control).

Hackers from Russia have used a Text Paste website in their application for C2 server address shuffling.

Hackers from Iran often host the C2 page itself on Microsoft Azure's web domain services.

# Trending # Lemon 8 Howtoo # lemon 8 diary # freedomhack # ransomware