Ransomware Resurged In 2023 With 50 New Variants: Mandiant

A report published by Mandiant on Monday finds that, despite law enforcement operations against prolific ransomware groups such as ALPHV/BlackCat, ransomware activity increased in 2023 compared to 2022, with researchers observing 50 new ransomware variants, a third of which branched off existing malware.

Researchers also saw a 75% increase in posts on ransomware groups’ data leak sites. This is consistent with a Chainalysis report stating that a record-breaking $1bn was paid to ransomware attackers in 2023.

Code reuse, actor overlaps and rebrands have become common in the modern ransomware threat landscape. According to Mandiant, the increase in extortion activities is likely driven by factors including:

  • New entrants
  • New partnerships between groups
  • Ransomware services by actors previously associated with disrupted, prolific groups

Finally, Mandiant found that threat actors increased their reliance on remote management tools in ransomware operations: such tools were used in 41% of intrusions in 2023 compared to 23% in 2022.

Emily Phelps, Director at Cyware, had this to say:

   “The proliferation of new ransomware variants and the surge in extortion activities reinforce the urgent need for a collective defense strategy. To get ahead of these threats, organizations must be enabled to share threat intelligence and defensive strategies. By adopting integrated solutions that facilitate seamless information sharing and collaboration, organizations can better defend against these sophisticated attacks and minimize the impact of ransomware on their operations.”

Given that I reported on an apparent ransomware attack as recently as this morning, this is something that requires a lot of focus. Because we’re on the edge of having ransomware get out of control. If it hasn’t already.

UPDATE: BullWall executive Carol Volk had this to say:

   “In promptly shutting down affected systems and reporting the incident to the SEC, Frontier demonstrated a solid response strategy. This approach, focused on containment and transparency, likely minimized the impact of the attack despite the sensitive data involved.

   “If the containment they had in place was in fact a ransomware containment system, it would account for their quick turnaround in dealing with the breach.

   “This incident underscores the need for all organizations to have well-defined ransomware containment strategies. Frontier’s handling of the situation serves as a reminder of the critical importance of preparation and quick action in the face of cyber threats.”

Dave Ratner, CEO of HYAS, adds this:

   “Preparation for this rise in ransomware requires more than confirming backups and checking configurations — without the implementation of cyber resiliency solutions, as suggested by everyone from CISA to the White House — organizations will remain vulnerable and susceptible. The deployment of solutions like PDNS and others can be accomplished in short order, rapidly shift the tide, and should be done immediately.”
