Ransomware activity increased in 2023 compared with 2022, according to Google-owned Mandiant.
This is despite broadscale law enforcement operations against prominent ransomware groups, including ALPHV/BlackCat.
Mandiant shared ransomware research findings in a new report published on June 3, 2024.
The threat intelligence firm observed a 75% increase in posts on ransomware groups’ data leak sites (DLS) in 2023 compared to 2022.
In total, victims on DLS spanned more than 110 countries.
These observations are consistent with other reporting, including a Chainalysis report showing that over $1bn was paid to ransomware attackers in 2023 – a record.
“This illustrates that the slight dip in extortion activity observed in 2022 was an anomaly, potentially due to factors such as the invasion of Ukraine and the leaked Conti chats,” the Mandiant researchers wrote.
New Groups and Partnerships Drive Ransomware Activity
According to Mandiant, the current resurgence in extortion activity is likely driven by various factors, including:
New entrants
New partnerships between groups
Ransomware service offerings by actors previously associated with prolific groups that had been disrupted
Although two of the most established ransomware families, ALPHV/BlackCat and LockBit, were the most frequently observed in 2023, Mandiant also noticed an increased diversification of the ransomware landscape, with 50 new ransomware variants. That is roughly the same number as in 2021 and 2022.
However, the proportion of new variants compared to families increased, with around one-third of new families observed in 2023 being variants of previously identified ransomware families.
“This could suggest that threat actors are using their time and resources to update pre-existing ransomware families rather than creating new families from scratch,” Mandiant wrote.
Finally, Mandiant found that threat actors increased their reliance on remote administration tools in ransomware operations.
These tools were used in approximately 41% of intrusions in 2023 compared to 23% of intrusions in 2022.