Ransomware groups rebrand and claim more victims
The latest report from the GuidePoint Research and Intelligence Team (GRIT) shows an increase in ransomware activity from Q3 2022 to Q4 2022, as rebranded ransomware groups significantly increased the number of publicly claimed victims.
No quarter of last year saw fewer than 569 total victims. The biggest lull occurred in late June and early July and is most likely attributable to the shift from Lockbit2 to Lockbit3, although challenges in the cryptocurrency market may also have had an impact.
On average across the year, ransomware groups publicly posted 6.87 victims per day to their respective leak sites.
"Threat actors continue to leverage many of the same tactics and techniques to compromise victim organizations such as open RDP and SSH, as well as unpatched and dated vulnerabilities," says Drew Schmitt, GRIT lead analyst. "The exploitation and weaponization of vulnerabilities is one of the most effective methods for achieving initial access into victim networks. When updates are made, such as Microsoft's change of Office Macro default behavior, threat actors have continued to demonstrate flexibility, rapidly changing initial delivery methods for email-based attacks."
As part of the report, GRIT tracked 54 groups utilizing a double-extortion methodology, many of which use a Ransomware as a Service (RaaS) model to increase productivity and maximize revenue. Every month in 2022 saw at least one new group emerge with double-extortion capabilities.
Manufacturing is by far the most targeted industry, followed by technology, construction and healthcare. The US is the most targeted country across all ransomware groups, and Western countries accounted for the vast majority (77 percent) of all ransomware attacks.
"Based on the trends over the last year, we expect to see an increase in ransomware rebranding," adds Schmitt. "Vulnerabilities, emerging technologies and personal devices will continue to be heavily researched and utilized for initial intrusion into networks, with the time to weaponize vulnerabilities likely decreasing as the year progresses. Additionally, as organizations make gains in improving their security posture, we believe that ransomware groups will shift to single extortion attempts based on data exfiltration where no encryption event occurs."
The full report is available from the GuidePoint site.