Almost half of the 60 ransomware groups tracked by WithSecure in 2023 began operations this year, the security vendor has claimed.

WithSecure's analysis found that, although more established groups accounted for over half of data leaks in the first nine months of 2023, the new wave of ransomware variants is having an impact on the market. It claimed groups that began operating in 2023 accounted for 25% of data leaks in the period, helping to drive a 50% year-on-year increase in data leaks.

Many of these new players - like Royal, Akira and Blacksuit - can be traced back to Conti, whose code was leaked after an infamous data breach. The source code for Lockbit and Babuk was also leaked, by disgruntled affiliates, and subsequently used by other ransomware gangs, WithSecure said.

"Data leaks aren't the only thing that leads to older groups cross-pollinating younger ones. Ransomware gangs have staff just like an IT company. And like an IT company, people change jobs sometimes, and bring their unique skills and knowledge with them," the security vendor explained in a blog post.

"Unlike legit IT companies there's nothing stopping a cyber-criminal from taking proprietary resources from one ransomware operation and using it at another. There's no honor among thieves."

This lack of innovation could be good news for network defenders as it will make incident response and cyber-resilience efforts easier.

"If ransomware's evolution consists of Darwinian variations of the same basic things, organizations can pretty much know what to expect and prepare for the inevitable day when ransomware gangs knock on their digital door," WithSecure concluded.

The firm's 2023 OpenText Cybersecurity Global Ransomware Survey revealed a worrying "Optimism bias," in spite of the fact that nearly half of enterprises and SMBs admitted they've already suffered a ransomware attack.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000