Half of Ransomware Groups Operating in 2023 Are New


Almost half (29) of the 60 ransomware groups tracked by WithSecure in 2023 began operations this year, the security vendor has claimed.

WithSecure’s analysis found that, although more established groups (8Base, Alphv/BlackCat, Clop, LockBit and Play) accounted for over half of data leaks in the first nine months of 2023, the new wave of ransomware variants is having an impact on the market.

It claimed groups that began operating in 2023 accounted for 25% of data leaks in the period, helping to drive a 50% year-on-year (YoY) increase in data leaks.

Many of these new players – like Royal, Akira and Blacksuit – can be traced back to Conti, whose code was leaked after an infamous data breach.

The source code for Lockbit and Babuk was also leaked, by disgruntled affiliates, and subsequently used by other ransomware gangs, WithSecure said.

Read more on ransomware: LockBit Dominates Ransomware Campaigns in 2022: Deep Instinct

“Data leaks aren’t the only thing that leads to older groups cross-pollinating younger ones. Ransomware gangs have staff just like an IT company. And like an IT company, people change jobs sometimes, and bring their unique skills and knowledge with them,” the security vendor explained in a blog post.

“Unlike legit IT companies, however, there’s nothing stopping a cyber-criminal from taking proprietary resources (such as code or tools) from one ransomware operations and using it at another. There’s no honor among thieves.”

However, this lack of innovation could be good news for network defenders as it will make incident response and cyber-resilience efforts easier.

“If ransomware’s evolution consists of Darwinian variations of the same basic things, organizations can pretty much know what to expect and prepare for the inevitable day when ransomware gangs knock on their digital door,” WithSecure concluded.

In related news, over half (54%) of UK enterprises and two-thirds (65%) of SMBs don’t think or aren’t sure if they’re a ransomware target, according to new data from OpenText.

The firm’s 2023 OpenText Cybersecurity Global Ransomware Survey revealed a worrying “optimism bias,” in spite of the fact that nearly half (46%) of enterprises and SMBs admitted they’ve already suffered a ransomware attack.



Source link