Ransomware activity increased in 2023 compared to 2022, according to Google-owned Mandiant.
This is despite broadscale law enforcement operations against prominent ransomware groups, including ALPHV/BlackCat.
Mandiant shared ransomware research findings in a new report published on June 3, 2024.
The threat intelligence firm observed a 75% increase in posts on ransomware groups' data leak sites (DLS) in 2023 compared to 2022.
In total, victims on DLS spanned more than 110 countries.
These observations are consistent with other reporting, including a Chainalysis report showing that over $1bn was paid to ransomware attackers in 2023, a record.
“This illustrates that the slight dip in extortion activity observed in 2022 was an anomaly, potentially due to factors such as the invasion of Ukraine and the leaked Conti chats,” the Mandiant researchers wrote.
New Groups and Partnerships Drive Ransomware Activity
According to Mandiant, the current resurgence in extortion activity is likely driven by various factors, including:
- New entrants
- New partnerships between groups
- Ransomware service offerings by actors previously associated with prolific groups that had been disrupted
Although two of the most established ransomware families, ALPHV/BlackCat and LockBit, were the most frequently observed in 2023, Mandiant also noticed an increased diversification of the ransomware landscape, with 50 new ransomware variants. This is roughly the same number as in 2021 and 2022.
However, the proportion of new variants compared to families increased, with around one-third of new families observed in 2023 being variants of previously identified ransomware families.
“This could suggest that threat actors are using their time and resources to update pre-existing ransomware families rather than creating new families from scratch,” Mandiant wrote.
Finally, Mandiant found that threat actors increased their reliance on remote administration tools in ransomware operations.
These tools were used across approximately 41% of intrusions in 2023 compared to 23% of intrusions in 2022.