Thursday, May 15, 2025

Prominent ransomware gangs disappear but affiliates emerge

Larger coordinated groups break down into smaller fractions, making it challenging for law enforcement to target them

  • A significant shift is taking place in the ransomware ecosystem in 2024 due to leaked source code and tools from disbanded or deceased larger groups
  • Groups demonstrate a sophisticated understanding of network vulnerabilities and utilise a variety of tools and techniques to achieve their objectives.

While many prominent ransomware gangs have disappeared, smaller and more elusive groups are emerging in 2024 due to leaked source code and tools from disbanded or deceased larger groups.

“Ransomware operations are becoming increasingly fragmented. Larger, more coordinated groups are breaking down into smaller fractions, making it more challenging for law enforcement to target them,” Kaspersky said in its report.

Moreover, each of these smaller groups has less impact and is of less interest for law enforcement, thus having a reduced likelihood of being tracked and prosecuted, giving independent ransomware actors a higher chance of escaping arrest.

30% increase in groups

Kaspersky research revealed a 30 per cent global increase in the number of targeted ransomware groups in 2023 compared to 2022, with the number of known victims of their attacks rising by a staggering 71 per cent.

The research reported that, unlike random attacks, these targeted groups focus on governments, high-profile organisations, or specific individuals within an organisation.

“Moreover, most of them distribute their malware under the Ransomware-as-a-Service (RaaS) model, which involves a number of smaller groups (called affiliates) getting access to the ransomware for a subscription fee or a portion of the ransom.”

The ransomware most frequently encountered in organisations’ systems in 2023 was LockBit 3.0. The reason for its remarkable activity may be the leak of its builder in 2022, which led various independent groups to use the builder to create custom ransomware variants that they then used to target organisations all over the world. The group itself also has a large affiliate network.

Second was BlackCat/ALPHV, which first appeared in December 2021. In December 2023, the FBI, together with other law enforcement agencies, disrupted BlackCat’s operations and seized several websites of the group.

The third most active ransomware in 2023 was Cl0p. This group managed to breach the managed file transfer system MOVEit to get to its customers’ data. According to New Zealand security firm Emsisoft, as of December 2023, this breach had affected over 2500 organisations.

Exploitation of vulnerabilities

According to Kaspersky’s incident response team, in 2023, every third incident (33.3 per cent) was related to ransomware, which remained the primary threat to all organisations, whatever sector of the economy or industry they belonged to.

“Another important trend observed in 2023 was attacks via contractors and service providers, including IT services, became one of the top three attack vectors for the first time. This approach facilitates large-scale attacks with less effort, often going undetected until data leaks or encrypted data are discovered,” the report said. 

Overall, the research stated that ransomware groups demonstrated a sophisticated understanding of network vulnerabilities and utilised a variety of tools and techniques to achieve their objectives.

“The use of well-known security tools, exploitation of vulnerabilities in public-facing applications, and the use of native Windows commands highlight the need for robust cybersecurity measures to defend against ransomware attacks and domain takeovers.”
