This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion.
LockBit has established itself as one of the most notorious ransomware operations since emerging on the scene in late 2019.
Operating as a ransomware-as-a-service provider, LockBit sells access to its ransomware and infrastructure to affiliates who then conduct attacks.
The Clop ransomware group, also known as CL0P and TA505, is a highly active cybercriminal gang notable for its ransomware attacks.
Emerging in early 2022, the Black Basta ransomware group quickly rose to prominence as both an aggressive ransomware operator and a new player in the RaaS market.
The Play ransomware group, also known as PlayCrypt, emerged in June 2022 and quickly became known for its ransomware extortion attacks targeting companies and governmental institutions globally.
One of the distinguishing features of Play ransomware is its use of intermittent encryption, a technique that partially encrypts a system to evade detection by static analysis tools typically used to identify ransomware infections.
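An added example, not from the original article, showing why a whole-file check can miss intermittent encryption while a per-chunk check still sees it. It assumes Shannon entropy as the detection signal, a 4 KiB window and a 7.5 bits/byte threshold, and models partial encryption as every fourth chunk of constructed log text overwritten with random bytes; none of these details come from the article.

```python
import math
import random
from collections import Counter

CHUNK = 4096   # assumed analysis window in bytes
HIGH = 7.5     # assumed bits/byte threshold for "looks encrypted"

def entropy(data: bytes) -> float:
    """Shannon entropy of a buffer in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chunk_profile(data: bytes, size: int = CHUNK) -> list:
    """One boolean per chunk: True when that chunk's entropy exceeds HIGH."""
    return [entropy(data[i:i + size]) > HIGH for i in range(0, len(data), size)]

def classify(data: bytes) -> str:
    """Label a buffer by the share of its chunks that look random."""
    profile = chunk_profile(data)
    share = sum(profile) / len(profile)
    if share == 0:
        return "clean"
    if share > 0.9:
        return "fully-encrypted-or-compressed"
    return "partially-high-entropy"  # plain and random-looking chunks mixed

def make_samples():
    """Constructed data: 64 chunks of log-like text, and a copy in which
    every 4th chunk is overwritten with seeded pseudo-random bytes."""
    rng = random.Random(1234)
    line = b"2024-01-01 00:00:00 INFO service heartbeat ok id=0001\n"
    plain = (line * (64 * CHUNK // len(line) + 1))[:64 * CHUNK]
    mixed = bytearray(plain)
    for i in range(0, len(mixed), 4 * CHUNK):
        mixed[i:i + CHUNK] = bytes(rng.getrandbits(8) for _ in range(CHUNK))
    return plain, bytes(mixed)

if __name__ == "__main__":
    plain, mixed = make_samples()
    for name, buf in (("plain", plain), ("mixed", mixed)):
        # Whole-file entropy of "mixed" stays under HIGH; the chunk view flags it.
        print(name, round(entropy(buf), 2), classify(buf))
```

Compressed formats such as ZIP or JPEG are also high-entropy, so a check like this is a triage signal to combine with file-type and write-pattern context.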
Security experts have suggested that Play may have links to Russia, based on similarities between its encryption techniques and those of other Russian-linked ransomware groups such as Hive and Nokoyawa.
A high-profile breach attributed to the Play ransomware group occurred in 2022 when they attacked the Argentine judiciary of Córdoba.
This breach enabled Play to access the addresses of over 400,000 Swiss citizens living abroad.
Royal ransomware emerged as an operation in January 2022 and is made up of experienced ransomware actors from previous groups.
According to the FBI and CISA, the Royal ransomware gang has compromised the networks of at least 350 organizations globally since September 2022, requesting a total of $275 million in ransom payments.
The Royal ransomware is designed to function on Windows operating systems, using the OpenSSL library to encrypt files.
The 8Base ransomware group, which emerged in March 2022, has quickly become a major ransomware player.
The BianLian ransomware group is a prominent cybercrime entity known for developing, deploying, and executing data extortion schemes.
Initially detected as an Android banking trojan in 2019, the BianLian ransomware has since evolved and is noted for its exceptionally rapid encryption capabilities, which are attributed to its development in the Go programming language.
The Medusa ransomware group is known for encrypting victims' files and wiping out backups and virtual hard disks to make recovery difficult.
Medusa ransomware is designed to target both Windows and Linux systems.
One notable attack by the Medusa ransomware group occurred in March 2023, when they targeted the Minneapolis Public School district and demanded a $1 million ransom.
NoEscape is a ransomware group that emerged in May 2023, running a RaaS program.
Our behavioral analytics approach is at the frontline, defending against ransomware by stopping data theft before it starts.
This Cyber News was published on securityboulevard.com. Publication date: Mon, 15 Jan 2024 03:43:04 +0000