
New ransomware gangs driving attack surge


According to new research from WithSecure, the number of new multi-point extortion ransomware groups surged during the first three quarters of 2023.

Ransomware — a type of malicious software (malware) that steals control of machines or data — has become a massive source of revenue for cyber-criminals at the expense of people, organisations, and even governments all over the world.

While its prevalence has remained consistent for several years, other aspects of the threat have changed.

For the past few years, a number of gangs have gained notoriety by using multi-point extortion ransomware attacks, which involve using several methods to pressure victims into paying a ransom to regain control of their data.

Often, these groups both encrypt data and steal it to publish online unless they’re paid.

A new analysis of data leaked on sites operated by these multi-point extortion ransomware operators indicates that many new groups have become active in this space during 2023.

Out of the 60 multi-point extortion ransomware gangs whose activities WithSecure has tracked during the first nine months of 2023, 29 are new.

According to threat intelligence analyst Ziggy Davies, the new groups largely follow playbooks established by existing operators, but play a key role in sustaining the number of ransomware attacks facing organisations.

“Code and other aspects of one particular cyber crime operation end up getting used elsewhere because groups and their members often recycle the same resources when they change who they work for or with,” said Davies.

“Many of the new groups we’ve seen this year have clear lineage in older ransomware operations. For example, Akira and several other groups share many similarities with the now-defunct Conti group, and are likely former Conti affiliates.”

The analysis produces several other notable insights about multi-point extortion ransomware attacks in 2023 to date.

In the first three quarters of 2023, for instance, there was a 50% increase in data leaks from ransomware groups compared to the same period from the previous year.

LockBit, one of the most infamous ransomware groups currently operating, accounted for the biggest share of leaks (21%), according to WithSecure’s analysis.


The five groups with the most leaks, which include 8Base, Alphv/BlackCat, Cl0p, LockBit, and Play, accounted for over half of the total leaks seen to date.

Still, even with the continued success of known and existing ransomware groups, about a quarter of all data leaks in the analysis were from groups that began operations in 2023.

The study also found that only six of the 60 groups posted victims every single month of 2023 to date, showing that, despite the prolific activity of some, these groups are not consistently active.

While cyber-criminals look to be more interested in ransomware than ever before, the degree to which these groups recycle each other’s playbooks does provide defenders with some advantages, WithSecure said.

“Ransomware remains an effective moneymaker for cyber-criminals, so they’ll mostly stick to the same basic playbook rather than come up with anything really new or unexpected. This makes them pretty predictable, which is good for defenders because they know what they’re up against,” said Davies.


