After a quieter month in October, ransomware groups appeared to return with a vengeance in November, with the highest number of listed victims ever recorded, according to Corvus Insurance.
In a report published on December 18, 2023, Corvus Threat Intel observed 484 new ransomware victims posted to leak sites in November.
This represents a 39.08% increase from October and a 110.43% increase compared with November 2022.
This is the eleventh month in a row with a year-on-year increase in ransomware victims and the ninth in a row with victim counts above 300. This is also the third time such a record has been broken this year.
However, while the previous two records in 2023 were primarily attributed to Clop’s MOVEit supply chain attack, this was not the case in November.
A CitrixBleed-Induced Peak in LockBit’s Activity
According to Corvus’ data, the November peak was partly due to a resurgence in LockBit’s activity.
November was LockBit’s third-highest month of 2023 in terms of listed victims (121) after a quieter fall.
While the first two peaks were due to affiliates returning to work after a winter or a summer break, Corvus threat intelligence analysts estimated that the November increase could be attributed to the CitrixBleed vulnerability, “which has reportedly become a new staple for the group.”
Could a QakBot Resurgence Mean a New Record This Winter?
Based on historical seasonal data, the Corvus Threat Intel team predicted that the number of ransomware leak site victims listed in December will probably be higher than in December 2022 but likely won’t match November’s numbers.
“We expect a decrease in January as the individuals behind ransomware attacks take some time off,” the researchers added.
Finally, Corvus observed that although the takedown of malware loader QakBot (aka QBot) by law enforcement in August impacted ransomware groups, this new resurgence in victim listings showed that “the ransomware ecosystem has successfully pivoted away from QBot.”
The fact that cybersecurity firms are now observing a return of QakBot could potentially impact Corvus’ predictions for the near future.