Kaspersky's research, spanning the years 2022 and 2023, reveals a worrisome escalation in targeted ransomware groups. The data indicates a staggering 30% global increase in the number of these groups compared to 2022, accompanied by a 71% surge in known victims of their attacks. Unlike random assaults, these targeted groups set their sights on governments, prominent organizations, and specific individuals within enterprises. With cybercriminals orchestrating sophisticated and extensive attacks, the threat to cybersecurity grows ever more pronounced.
In 2023, Lockbit 3.0 emerged as the most prevalent ransomware, leveraging a builder leak in 2022 to spawn custom variants targeting organizations worldwide. BlackCat/ALPHV ranked second, until December 2023, when a collaborative effort by the FBI and other agencies disrupted its operations. However, BlackCat quickly rebounded, underscoring the resilience of ransomware groups. Third on the list was Cl0p, which breached the managed file transfer system MoveIt, impacting over 2.5 thousand organizations by December 2023, according to New Zealand security firm Emsisoft.
Kaspersky's threat research identifies several noteworthy ransomware families, including BlackHunt, Rhysida, Akira, Mallox, and 3AM. Moreover, as the ransomware landscape evolves, smaller and more elusive groups are emerging, posing new challenges for law enforcement. The rise of Ransomware-as-a-Service (RaaS) platforms further complicates the cybersecurity landscape, emphasizing the need for proactive measures.
Kaspersky's incident response team notes that ransomware incidents accounted for every third cybersecurity incident in 2023. Attacks via contractors and service providers have emerged as prominent vectors, facilitating large-scale assaults with alarming efficiency. Overall, ransomware groups demonstrate a sophisticated understanding of network vulnerabilities and utilize a variety of tools and techniques to achieve their objectives. The use of well-known security tools, exploitation of public-facing vulnerabilities, and exploitation of native Windows commands highlight the need for robust cybersecurity measures to defend against ransomware attacks and domain takeovers.
“The escalating financial toll of ransomware attacks underscores the
urgent need for governments to elevate cybersecurity strategies. As ransomware-as-a-service
proliferates and cybercriminals execute increasingly sophisticated assaults,
the threat to cybersecurity becomes more acute. Ransomware strikes persist as a
formidable menace, infiltrating critical sectors and preying on small businesses
indiscriminately. To combat this pervasive threat, it's imperative for
individuals and organizations to fortify their defenses with robust
cybersecurity measures. Deploying solutions such as Kaspersky Endpoint Security
and embracing Managed Detection and Response (MDR) capabilities are pivotal
steps in safeguarding against evolving ransomware threats,” commented Dmitry Galov, head of
research center, Kaspersky’s GReAT.
Read the full report on the state of ransomware at Securelist.com.
On May 12, which is Anti-Ransomware Day, Kaspersky encourages organizations to follow these best practices that help safeguard your organization against ransomware:
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.