LockBit, Black Basta and Play were observed to be the most active ransomware groups in Q1 2024, with Black Basta experiencing a notable 41% increase in activity.
The data comes from the latest report by cybersecurity firm ReliaQuest, which also suggests that in the same period, LockBit faced a significant setback due to law enforcement actions in February.
Despite efforts to restore operations, LockBit’s activity decreased by 21% compared to the previous quarter. The group’s reputation among affiliates also suffered, with cybercriminal forum chatter reflecting apprehension about collaborating with a group compromised by law enforcement.
Meanwhile, the emergence of the DarkVault group suggests a possible rebranding strategy by LockBit to evade scrutiny. The similarities in branding between DarkVault and LockBit, including font, color scheme and ransom demand format, hint at a potential connection between the two groups.
ALPHV’s exit scam following the fraudulent takedown notice posted on its data leak site (DLS) adds another layer of complexity to the ransomware landscape. The incident underscores the trust issues prevalent within cybercriminal networks, with affiliates vulnerable to exploitation by their own cohorts.
Looking ahead, ReliaQuest forecasts a resurgence of the Clop ransomware group, targeting vulnerable enterprise file transfer software. Additionally, increased exploitation of cloud and SaaS platforms, along with advancements in AI and machine learning, is expected to shape ransomware campaigns in the coming months.
“In several recent law enforcement operations, including Operation Chronos and the ALPHV and Hive operations, law enforcement groups created a decryption tool by collating decryption keys shared across the groups’ infrastructure,” reads the report.
“To prevent this going forward, ransomware groups will most likely change the way they share and store decryption keys, potentially shifting them to offline infrastructure.”
To mitigate ransomware risks, ReliaQuest emphasized the importance of proactive security measures, including multi-factor authentication (MFA), least privilege access and regular patch management.