6 Ransomware Trends & Evolutions For 2023

More than any other industry, cybersecurity is constantly changing. The number of major paradigm shifts that have transformed the world of cybersecurity in the past few years has been unprecedented, especially when it comes to combating ransomware. The costly and global threat of ransomware has evolved alongside changing technology in the past two decades. Just as threat researchers and engineers rethink their solutions when the currents of cybersecurity shift, their adversaries are always following the latest trends to successfully target their victims. New developments like the success of law enforcement crackdowns on ransomware, changing government regulations, international sanctions, and the looming regulation of cryptocurrency will force adversaries to adapt-both to overcome new challenges and take advantage of new opportunities. For cybersecurity leaders, keeping ahead of these 6 changes will be crucial in defending against new exploits and attack vectors. Traditionally, ransomware groups targeting businesses have preyed on industries where uptime is crucial and even an hour lost to a payload that encrypts files or halts production can be prohibitively expensive. Some adversary groups are finding success without ever deploying a payload. LAPSU$, a group believed to have targeted such heavyweights as Microsoft, Nvidia, Uber, and Rockstar Games, gained prominence by extorting their victims and posting stolen data online when they failed to meet the groups demands. As adversaries find more avenues to profit from their targets, cybersecurity leaders will need to carefully consider where all of their organizations vulnerabilities lie. Today, stealing or encrypting data to extort victims is the norm for ransomware groups. One compromised machine can provide adversaries with a wealth of company secrets and sensitive documents ready for sale to the highest bidder. While ransomware groups are not known for widespread data monetization, its an established underground industry which these groups are primed to enter as brokers for other cybercriminals-maximizing profit while minimizing exposure. As more organizations move to the cloud, the landscape of endpoint vulnerabilities is shifting along with them. Cybersecurity teams have already adapted to the decentralized nature of the cloud, but misconfigurations and unpatched vulnerabilities are still prime targets for ransomware groups seeking a foothold. While the diffuse nature of cloud resources poses a challenge for adversaries, theyre developing new strategies that leverage idle resources in response. A study by Googles Cybersecurity Action Team found that 86% of compromised cloud instances are used to mine cryptocurrency. Adversaries already engaged in Cryptojacking can easily deploy ransomware on the compromised systems, or sell access to more established ransomware groups. As cryptomining group TeamTNT proved, just one compromised endpoint can offer adversaries access to sensitive data in the cloud for all kinds of criminal ends. Cybersecurity leaders know that no attack vector is small enough to overlook when any breach could prove devastating. Uncommon platforms might actually pose the greatest risk to your organization, because ransomware groups appreciate the value of business-critical devices without ready backups. Adversaries dont just stick to tried-and-true exploits, either. Researchers from the Georgia Institute of Technology created a proof of concept for deploying ransomware to a program logic controller in 2017. Rebuilding or replacing such a device could be prohibitively expensive, which is exactly what ransomware groups seeking a payout look for in their targets. In 2017, Trend Micro researchers found that the older mainframes essential to many business-critical systems can be held hostage by adversaries if theyre connected to the internet. The range of malicious actions available to ransomware groups includes changing administrative passwords and making it harder to reboot the network or equipment. These days even adversaries are taking advantage of time- and cost-saving automation. Just like professional organizations, ransomware groups are scaling to maximize revenue by automating tasks and limiting human error. Penetrating a system, the most costly stage of a ransomware attack in terms of both time and effort, can now be streamlined-emboldening adversary groups with fewer members or resources. For cybersecurity leaders, this will mean more attacks to fend off while theyre already moving laterally through the affected environments, which is ironically when deterring threats is the most costly. Ransomware actors that traffic in a high volume of breaches, like Cerber, are already making use of blockchain technology to carry out their attacks more efficiently. Theres no shortage of ways for crafty adversaries to breach their target networks. For the evolving, professional ransomware group

This Cyber News was published on www.trendmicro.com. Publication date: Thu, 02 Feb 2023 05:20:03 +0000


Cyber News related to 6 Ransomware Trends & Evolutions For 2023

Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
8 months ago Malwarebytes.com
The Evolving Landscape of Ransomware Attacks - 1.7 million ransomware attacks are happening every day. Many people think the virus has locked their computer, but it is actually the ransomware that has locked all their files. As the name ransomware suggests they are after ransom. Stealing or ...
9 months ago Cyberdefensemagazine.com
6 Ransomware Trends & Evolutions For 2023 - More than any other industry, cybersecurity is constantly changing. The number of major paradigm shifts that have transformed the world of cybersecurity in the past few years has been unprecedented, especially when it comes to combating ransomware. ...
1 year ago Trendmicro.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
9 months ago Unit42.paloaltonetworks.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
9 months ago Helpnetsecurity.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
8 months ago Securityboulevard.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
9 months ago Feeds.fortinet.com
Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware - The Cisco Talos Year in Review report released Tuesday highlights new trends in the cybersecurity threat landscape. We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader ...
10 months ago Techrepublic.com
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
9 months ago Bleepingcomputer.com
Top 10 Notorious Ransomware Gangs of 2023 - By employing a multitude of advanced techniques like double extortion along with other illicit tactics, ransomware groups are continually evolving at a rapid pace. Here below, we have mentioned all the types of ransomware used by the threat actors ...
9 months ago Cybersecuritynews.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
6 months ago Feeds.fortinet.com
Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
7 months ago Securityboulevard.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
1 week ago Securelist.com
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
10 months ago Bleepingcomputer.com
The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
9 months ago Bleepingcomputer.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
8 months ago Feeds.fortinet.com
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
8 months ago Bleepingcomputer.com
Ransomware's Impact May Include Heart Attacks, Strokes & PTSD - First-order harms: Direct targets of ransomware attacks. The increasing convergence of IT and OT leave physical infrastructures more vulnerable to ransomware, even though most ransomware operators lack the capability to directly compromise OT or ...
8 months ago Techrepublic.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
7 months ago Bleepingcomputer.com
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
4 months ago Bleepingcomputer.com
VX-Underground malware collective framed by Phobos ransomware - A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. Phobos launched in 2018 in what is believed to be a ransomware-as-a-service derived from the ...
10 months ago Bleepingcomputer.com
Dozens of countries will pledge to stop paying ransomware gangs - An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups. Addressing reporters on Monday, Anne Neuberger, ...
10 months ago Bleepingcomputer.com
How ransomware gangs are engaging - As ransomware gangs continue to market themselves as legitimate businesses complete with customer service representatives, new research from Sophos showed that threat actors are expanding public relations efforts to further pressure victims into ...
9 months ago Techtarget.com
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
8 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)