While coordinated law enforcement action and government initiatives helped in the fight against ransomware last year, NCC Group still recorded an 84% increase in attacks during 2023.
The report included data from NCC Group's Cyber Incident Response Team and highlighted critical attacks, many of which involved ransomware.
The significant increase in ransomware activity followed a 5% decrease in cases that NCC Group observed between 2021 and 2022.
Ransomware incidents rose 84%, from 2,531 to 4,667, and a significant number of victims accumulated as well, despite increased law enforcement achievements.
The report also highlighted successful law enforcement actions such as the temporary disruption of the BlackCat/Alphv ransomware group in December, the arrest of Russian national and alleged LockBit affiliate Ruslan Astamirov in June, and the Qakbot malware takedown.
Other wins NCC Group noted included the efforts of the International Counter Ransomware Initiative in November that involved 48 countries, the European Union and Interpol.
NCC Group analysts found that the mean number of attacks rose from 211 in 2022 to 389 last year.
In some cases, ransomware groups threatened to send stolen data to victims' competitors.
NCC Group found that there was more to the record-setting ransomware year than lucrative extortion methods.
New ransomware gangs such as Play, 8Base, Medusa and BianLian emerged among NCC Group's 10 most active threat actor groups for 2023.
The total number of threat actors also rose from 55 threat groups in 2022 to 64 in 2023.
NCC Group also highlighted the elevated activity of LockBit and version 3.0 of its ransomware.
The Clop ransomware gang, known for the widespread attacks against Progress Software's MoveIt Transfer and Fortra's GoAnywhere managed file transfer products, also surprised NCC Group analysts.
NCC Group found that affiliates aren't as loyal to the ransomware gangs they purchase from anymore, partly because they now have access to more variants.
If a victim organization blocks one attack with a specific ransomware variant, affiliates will return with a different strain.
NCC Group provided an example of an attack that occurred against a Symantec client's environments.
NCC Group also warned that ransomware operators are targeting large software developers and managed service providers to maximize their profits with large-scale attack campaigns.
While the number of ransomware attacks and victims skyrocketed in 2023, the threat accounted for only a small percentage of the incident response cases handled by CIRT. Unauthorized access and phishing were the top two attack categories in NCC Group's report.
Though threat actors thrived last year, NCC Group said many attacks occurred because organizations struggled with timely patching.
NCC Group urged organizations to exercise caution, particularly when it comes to software.
This Cyber News was published on www.techtarget.com. Publication date: Thu, 08 Feb 2024 20:43:04 +0000