Connect with us

Hi, what are you looking for?

News

How Major Gangs’ Shutdown Affected Ransomware Trends for 2023

Ransomware

Ransomware has been making headlines for the past several years. In their quest for profit, attackers have targeted almost every type of organisation, from healthcare and educational institutions to service providers and industrial enterprises, affecting nearly every aspect of daily life.

This year, these groups are still managing to come up with new, elaborate techniques or even attribute features of former gangs among top players that have currently ceased operations. Kaspersky has released a new report reviewing last year’s ransomware predictions and providing insights for 2023.

In 2022, Kaspersky solutions detected more than 74.2 million attempted ransomware attacks, a 20% increase over 2021 (61.7 million). At the same time, at the beginning of 2023 we saw a slight decline in the number of ransomware attacks – however, they became more sophisticated and targeted.

Moreover, the top five most influential and prolific ransomware groups have drastically changed over the last year. The deceased REvil and Conti, that placed second and third in H1 2022 respectively in terms of attacks, in Q1 2023 were replaced by Vice Society and BlackCat. The remaining ransomware groups that formed TOP5 in Q1 2023 are Clop and Royal.

The review of last year’s ransomware trends shows that all of them persisted. In the course of 2022 and at the beginning of 2023, there were several cross-platform ransomware modifications that caught researchers’ eyes, such as Luna and Black Basta. Ransomware gangs have also become more industrialised, with groups such as BlackCat adjusting their techniques over the year.

For now employees of victim organisations must check to see if they are listed in the stolen data, thus increasing the pressure on the affected organisation to pay a ransom. The geopolitical situation has seen some ransomware groups take sides in conflicts – including the Eternity stealer. The group behind it created a whole ecosystem, with a new ransomware variant.

For 2023, Kaspersky experts have presented three key trends for ransomware threat landscape development. The first refers to more embedded functionality used by various ransomware groups such as self-spreading functionality or an imitation of it. Black Basta, LockBit, and Play are among the most significant examples of ransomware that spreads on its own.

The next trend to recently emerge is driver abuse for malicious purposes – an old trick. Some of vulnerabilities in AV driver were exploited by AvosLocker and Cuba ransomware families, however, Kaspersky experts’ observations show that even the gaming industry can fall victim to this sort of attack.

Reportedly, the Genshin Impact anti-cheat driver was used to kill endpoint protection on the target machine. And the trend continues to be watched with high-profile victims such as government institutions in European countries.

Finally, Kaspersky experts draw attention to how the largest ransomware gangs are adopting capabilities from either leaked code, or code sold by other cybercriminals, which may improve their malware’s functions.

Recently LockBbit group adopted code, at least 25% of the leaked Conti code, and issued a new version based entirely on it. These types of initiatives provide affiliates with similarities and facilities to work with ransomware families that they were previously used to working with. Such moves can strengthen their offensive capabilities – and that should keep in mind in companies’ defense strategy.

“Ransomware gangs continually surprise us, and never stop developing their techniques and procedures. What we’ve been watching throughout the last one and a half years is that they are gradually turning their services into full-fledged businesses.

This fact makes even amateur attackers quite dangerous,” comments Dmitry Galov, senior security researcher at Kaspersky’s Global Research and Analysis Team. “So, to make your business and your personal data safe, it’s very important to keep your cybersecurity services updated.”

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

ad

You May Also Like

Tech

MTN Nigeria, Leading ICT company has received the Economic Dividends for Gender Equality (EDGE) MOVE certification from the International Finance Corporation (IFC) at their...

Tech

An Undersea cable damage on Thursday, March 14, disrupted internet services across Nigeria and by extension other African countries, according to Internet watchdog, NetBlocks....

Broadcasting

In a recent event held to commemorate the International Women’s Day celebrations at the Chida Events Center in Abuja Nigeria, AGRA officially launched the...

Business

In a groundbreaking initiative, QNET, a renowned global entity in the lifestyle and wellness direct-selling sector, has joined forces with the Lagos State Consumer...