This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.
In February, there were 376 ransomware victims, marking an unusually active month for the historically subdued time period.
February didn't just bring unprecedented numbers, but unprecedented developments as well: law enforcement shut down LockBit, the largest ransomware gang, while ALPHV, the second-largest, appeared to fake its demise and abscond with its own affiliates' funds.
Before we dive into the two biggest stories of the month, let's start with a quick overview of other significant ransomware developments, including a new Coveware report revealing a record low of 29% of victims paying ransoms in the last quarter of 2023.
A few years ago, paying ransomware attackers was almost a given: 85% of hit organizations in early 2019 felt they had no choice.
In other words, we're seeing fewer and smaller ransomware payouts than ever before.
At first glance, the trend appears counterintuitive: with global ransomware attacks hitting record highs annually, one might expect a proportional increase in the number of victims choosing to pay a ransom.
In other words, despite fewer companies paying up, we foresee ransomware attackers compensating with higher ransom demands and more sophisticated, aggressive negotiation tactics.
On the vulnerability front, ransomware gangs like Black Basta, Bl00dy, and LockBit were seen exploiting vulnerabilities in ConnectWise ScreenConnect last month that exposed servers to control by attackers.
The vulnerabilities in ScreenConnect are once again part of this broader trend we've noticed of ransomware gangs finding ever-new points of entry, perhaps even more quickly and extensively than in previous years.
February 2024 is likely to be remembered for years as the month when two of the most dangerous ransomware gangs in the world suffered some serious turbulence.
LockBit has been the preeminent ransomware menace since the demise of Conti in spring 2022, but for the first time there are serious reasons to doubt its status and longevity.
What followed was something quite unique in the annals of ransomware takedowns.
When ransomware gangs start to feel the hot breath of law enforcement on their necks, a rebrand normally follows.
It decided to leave the ransomware world behind by ripping off its own customers in a sloppily executed exit scam.
Fighting off ransomware gangs like the ones we report on each month requires a layered security strategy.
Ransomware attackers target the easiest entry points: an example chain might be that they first try phishing emails, then open RDP ports, and if those are secured, they'll exploit unpatched vulnerabilities.
ThreatDown automatically quarantining LockBit ransomware.
For resource-constrained organizations, select ThreatDown bundles offer Managed Detection and Response services, providing expert monitoring and swift threat response to ransomware threats, without the need for large in-house cybersecurity teams.
Our business solutions remove all remnants of ransomware and prevent you from getting reinfected.
This Cyber News was published on www.malwarebytes.com. Publication date: Tue, 12 Mar 2024 19:28:07 +0000