Ransomware continues to grow as a threat. While the overwhelming majority of attacks come from a few of the “big players”, even when these gangs disappear, more arise to fill the gap. Even more troubling, there is collaboration and even overlap between the players, which might lead to multiple attacks.
Cybersecurity attacks are growing in frequency: Telus study
A recent study done by Telus shows that the number of ransomware attacks in Canada is increasing. The report states:
“Cyberattacks are on the rise in Canada, with 98 per cent of Canadian organizations reporting a cyberattack in the last 12 months. Attacks are frequent, with 25 per cent of organizations experiencing at least one attack per day and most organizations experiencing more than 11–30 attacks per month.”
The report contains a number of other findings and includes advice for dealing with ransomware. It can be downloaded at Telus.com/RansomwareStudy (registration required).
Who are the gangs responsible for the most attacks?
Cybersecurity researchers at Digital Shadows analyzed recorded ransomware attacks between January and March 2022 and found that LockBit 2.0 and Conti were the two most active ransomware gangs.
According to the report, these two gangs accounted for 58 per cent of all incidents. LockBit was more prolific, with 38 per cent of ransomware attacks. The Conti ransomware group accounted for 20 per cent of ransomware attacks.
The report also notes that LockBit leaked the information of more than 200 victims in the first quarter of 2022, the highest number of leaks to date this year.
Two of the big players seem to have disappeared or stopped working: PYSA ransomware, which was the third most active ransomware group during the last quarter of 2021, and REvil.
New ransomware gangs are moving in to fill the void and replace PYSA and REvil. Some of the new groups include Stormus, Night Sky, Zeon, Pandora, Sugar, and x001xs.
Sourced from a recent article in TechNewsDay
Ransomware gangs are collaborating – double the attacks?
Karakurt is a ransomware gang that steals but doesn’t encrypt the data of a victim organization. According to the podcast Cyber Security Today, a study by Tetra Defence noted that Karakurt is believed to have hit 55 organizations in the U.S. and eight in Canada. The researchers say there’s evidence that the Karakurt gang is using the resources of another gang, Conti, including network access to previous Conti victims.
It may be coincidence that a company hit by Karakurt had just been victimized by Conti, the report says. Researchers also believe Diavol ransomware is deployed by the same people behind Conti and Karakurt.
The report concludes that companies should “think carefully before paying any data ransom demand. It may not protect you from being hit again.”
Sourced from the podcast Cyber Security Today from ITWorld Canada