Ransomware Rises Despite Law Enforcement Takedowns

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Ransomware activity increased in 2023 compared to 2022, according to Google-owned Mandiant.

This is despite broadscale law enforcement operations against prominent ransomware groups, including ALPHV/BlackCat.

Mandiant shared ransomware research findings in a new report published on June 3, 2024.

The threat intelligence firm observed a 75% increase in posts on ransomware groups’ data leak sites (DLS) in 2023 compared to 2022.

In total, victims on DLS spanned more than 110 countries.

These observations are consistent with other reporting, including a Chainalysis report showing that over $1bn was paid to ransomware attackers in 2023 – a record.

“This illustrates that the slight dip in extortion activity observed in 2022 was an anomaly, potentially due to factors such as the invasion of Ukraine and the leaked Conti chats,” the Mandiant researchers wrote.

New Groups and Partnerships Drive Ransomware Activity

According to Mandiant, the current resurgence in extortion activity is likely driven by various factors, including:

  • New entrants
  • New partnerships between groups
  • Ransomware service offerings by actors previously associated with prolific groups that had been disrupted

Although two of the most established ransomware families, ALPHV/BlackCat and LockBit, were the most frequently observed in 2023, Mandiant also noticed an increased diversification of the ransomware landscape, with 50 new ransomware variants. This is approximately the same number as in 2021 and 2022.

Read more: ALPHV/BlackCat Site Downed After Suspected Police Action

However, the proportion of new variants compared to families increased, with around one-third of new families observed in 2023 being variants of previously identified ransomware families.

“This could suggest that threat actors are using their time and resources to update pre-existing ransomware families rather than creating new families from scratch,” Mandiant wrote.

Finally, Mandiant found that threat actors increased their reliance on remote management tools in ransomware operations.

These tools were used during approximately 41% of intrusions in 2023 compared to 23% of intrusions in 2022.

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

Spyware Vendors’ Nebulous Ecosystem Helps Them Evade Sanctions
PyPI Revival Hijack Puts Thousands of Applications at Risk
Civil Rights Groups Call For Spyware Controls
In plain sight: Malicious ads hiding in search results
The key considerations for cyber insurance: A pragmatic approach

Leave a Reply

Your email address will not be published. Required fields are marked *