Ransomware Attacks Adapt With New Techniques: Kaspersky Report

Written by

Attackers are employing more sophisticated ransomware attack methods and incorporating key attributes from defunct criminal groups to target individuals, according to the latest report from Kaspersky.

The changes underscore evolving concerns in the cybersecurity landscape.

The report, New ransomware trends in 2023, was published today ahead of Anti-Ransomware Day 2023 on Friday.

According to the report, the top five ransomware groups that have the most impact and produce the most attacks have undergone significant changes in the past year.

In the first half of 2022, REvil and Conti were ranked second and third respectively, in terms of attacks. However, in Q1 2023, these groups were replaced by Vice Society and BlackCat. The remaining ransomware groups in the top five for Q1 2023 are Clop and Royal.

Read more on Vice Society threat actors: Vice Society Claims Ransomware Attack Against University of Duisburg-Essen

Kaspersky added that, according to their review of last year’s ransomware trends, all of these groups persisted. The researchers have taken notice of some significant cross-platform ransomware variations, such as Luna and Black Basta.

As for 2023, Kaspersky experts highlighted three key ransomware trends. Firstly, ransomware groups are incorporating self-spreading functionality or imitations into their malware, as seen with examples like Black Basta, LockBit and Play.

Secondly, cybercriminals are exploiting vulnerabilities in antivirus drivers, even targeting industries like gaming. 

Finally, large ransomware gangs are adopting capabilities from leaked or purchased code, strengthening their offensive capabilities.

“Ransomware gangs continually surprise us and never stop developing their techniques and procedures,” said Dmitry Galov, a senior security researcher at Kaspersky’s Global Research and Analysis Team.

Further, over the past 18 months, the executive said the company observed that ransomware gangs are transitioning their operations into fully-fledged businesses.

“This fact makes even amateur attackers quite dangerous. So, to make your business and your personal data safe, it’s very important to keep your cybersecurity services updated,” Gavlov concluded.

More information about ransomware trends in 2023 is available in this analysis by Recorded Future CISO, Jason Steer.

What’s hot on Infosecurity Magazine?