The Evolving Ransomware Arena
June 29, 2022
A new report from cybersecurity firm KELA updates us on shifts within the ransomware ecosystem. ZDNet summarizes the findings in, “Ransomware Attacks Have Dropped. And Gangs Are Attacking Each Other’s Victims.” The good news—the number of victims dropped by about 40% from 2021’s last fiscal quarter to the first quarter of this year. The bad news—financial services organizations are now in the top four targeted sectors. Time for each of us to confirm we have unique passwords for our banking logins. And maybe create fresh ones while we are at it.
Writer Charlie Osborne also gives us a little dirt from behind the ransomware scenes:
“A notable shift is Conti’s place as one of the most prolific ransomware groups, alongside LockBit, Hive, Alphv/Blackcat, and Karakurt. … During the first few months of this year, Conti publicly pledged its support for Russia’s invasion of Ukraine. Following the Russian-speaking group’s declaration, in retaliation, an individual broke into its systems and leaked Conti’s malware code and internal chat logs – a treasure trove for researchers and defenders alike. While security teams were able to use the leaks to improve their understanding of the ransomware gang’s operations, it also impacted Conti’s place in the pecking order. According to KELA, Conti has been booted from the top spot in the months following the leak. While still active, it appears that Conti’s victim list decreased from January, with LockBit moving up the ranks. In Q1, LockBit hit 226 recorded victims, ranging from manufacturing and technology to the public sector. However, together with its suspected subsidiary KaraKurt, Conti is still the second-most active ransomware gang in 2022. Alphv is considered an emerging threat by KELA as a new player, having only really hit the spotlight in December 2021.”
And the race for dominance continues. The competition appears to be cutthroat, with gangs apparently attacking each other and/or targeting the same victims: In some cases, the stolen data published by several gangs was identical. Then again, that could be the result of cooperation. Researchers also found evidence of ransomware gangs collaborating with each other. How nice.
Cynthia Murrell, June 29, 2022