Times of Oman

How major gangs’ shutdown affected ransomware trends

- Times News Service

MUSCAT: In their quest for profit, ransomware attackers have targeted almost every type of organisation, from healthcare and educational institutions to service providers and industrial enterprises, affecting nearly every aspect of daily life. This year, these groups are still managing to come up with new, elaborate techniques, or even to adopt features of former top-tier gangs that have since ceased operations. Kaspersky has released a new report reviewing last year’s ransomware predictions and providing insights for 2023.

In 2022, Kaspersky solutions detected more than 74.2 million attempted ransomware attacks, a 20 percent increase over 2021 (61.7 million). At the same time, at the beginning of 2023 there has been a slight decline in the number of ransomware attacks – however, they have become more sophisticated and targeted. Moreover, the top five most influential and prolific ransomware groups have drastically changed over the last year. The defunct REvil and Conti, which placed second and third respectively in terms of attacks in one half of 2022, were replaced in the first quarter of 2023 by Vice Society and BlackCat. The remaining ransomware groups that formed the top five in Q1 2023 are Clop and Royal.

The review of last year’s ransomware trends shows that all of them persisted. In the course of 2022 and at the beginning of 2023, several cross-platform ransomware modifications caught researchers’ eyes, such as Luna and Black Basta. Ransomware gangs have also become more industrialised, with groups such as BlackCat adjusting their techniques over the year. For now, employees of victim organisations must check whether they are listed in the stolen data, which increases the pressure on the affected organisation to pay a ransom. The geopolitical situation has seen some ransomware groups take sides in conflicts – including the Eternity stealer. The group behind it created a whole ecosystem, with a new ransomware variant.

For 2023, Kaspersky experts have presented three key trends in the development of the ransomware threat landscape. The first is more embedded functionality used by various ransomware groups, such as self-spreading functionality or an imitation of it. Black Basta, LockBit, and Play are among the most significant examples of ransomware that spreads on its own.

The next trend to recently emerge is driver abuse for malicious purposes – an old trick. Some AV driver vulnerabilities were exploited by the AvosLocker and Cuba ransomware families; however, Kaspersky experts’ observations show that even the gaming industry can fall victim to this sort of attack. Reportedly, the Genshin Impact anti-cheat driver was used to kill endpoint protection on the target machine. The trend continues to be observed, with high-profile victims such as government institutions in European countries.

Finally, Kaspersky experts draw attention to how the largest ransomware gangs are adopting capabilities from either leaked code, or code sold by other cybercriminals, which may improve their malware’s functions.

Recently, the LockBit group adopted at least 25 percent of the leaked Conti code and issued a new version based entirely on it. Initiatives of this kind give affiliates familiar features and make it easier to work with ransomware families that they were previously used to working with. Such moves can strengthen their offensive capabilities – and that should be kept in mind in companies’ defense strategy.

“Ransomware gangs continually surprise us, and never stop developing their techniques and procedures. What we’ve been watching throughout the last one and a half years is that they are gradually turning their services into full-fledged businesses. This fact makes even amateur attackers quite dangerous,” comments Dmitry Galov, senior security researcher at Kaspersky’s Global Research and Analysis Team. “So, to make your business and your personal data safe, it’s very important to keep your cybersecurity services updated.”
