Ransomware Attacks on the Rise: A Closer Look at the Latest GRIT Report
In May, there was a noticeable increase in the number of victims falling prey to ransomware attacks compared to the previous month. However, the leading ransomware groups, LockBit and AlphV, saw a decrease in observed victims during this period. LockBit’s victim count dropped from 110 in April to 77 in May, while AlphV went from 51 victims to 38. Despite these declines, the overall tally of observed ransomware victims rose due to the emergence of new branded groups entering the scene.
New Threat Groups and their Tactics
The recently published GRIT report by GuidePoint Security sheds light on the growing diversity of active ransomware threat groups. In May, 28 different groups were reported to have claimed victims, resulting in a 13.57% increase in publicly posted ransomware victims compared to April. The United States remains the most targeted country, with a significant number of attacks occurring in educational organizations.
One of the notable new groups mentioned in the report is Akira. This ransomware gang has gained prominence within a short span of time and is known for its unique data-leak site. Akira follows the “double extortion” method, whereby the group threatens to leak stolen data if the ransom is not paid. Interestingly, some of the new groups have been observed to lower their initial ransom demands, potentially indicating a strategy to expedite the ransomware payment process.
Emerging ransomware groups, such as 8Base, Malas, Rancoz, and BlackSuit, have brought a combination of established and innovative tactics to the landscape. Each group has distinct characteristics and focuses on different targets. For example, 8Base primarily targets the banking and finance industry in the US and Brazil, while Malas uses mass exploitation techniques against vulnerabilities in Zimbra, the business email and collaboration software. The report mentions that BlackSuit has displayed a high level of maturity in its operations despite having only one observed victim.
The Shift Towards Single Extortion
According to Nic Finn, a consultant from GuidePoint Security, ransomware groups are constantly adapting and adopting tactics they perceive to be novel and successful. One such trend noted in the report is a shift towards single extortion, which involves threatening victims with the publication of exfiltrated data without encrypting it. This approach is seen as more sustainable for ransomware groups, as it reduces troubleshooting when decryption tools fail. This shift may be a result of perceived success by other groups or based on interactions with victims.
Finn advises organizations to remain vigilant about developing detections and monitoring activities related to potential data exfiltration efforts. He suggests that the single extortion trend will likely continue and grow throughout 2023. Organizations that follow data backup best practices should focus on preserving backups and ensuring the security of sensitive data.
Educational Institutions Vulnerable to Ransomware Attacks
Educational institutions, from daycares to major universities, have become prime targets for ransomware attacks. The report highlights the recent influx of vulnerabilities affecting software commonly used in schools, making them attractive targets due to the abundance of personally identifiable and sensitive student data. Additionally, the impact of these attacks is exponential, as the records and data of thousands of former students and parents can be at risk even in small school systems.
The media attention garnered by ransomware attacks on educational institutions, such as the LA Unified School District incident, has also played a role in the increased targeting of this sector. Ransomware groups tend to follow trends that attract media coverage, leading to replication of attacks on similar targets.
Mass Exploitation and Vulnerability Exploits
The GRIT report also highlights the growing trend of ransomware groups exploiting zero-day vulnerabilities en masse. This involves conducting exfiltration and waiting for victims to reach out to coordinate ransoms. Noteworthy examples include the Cl0p attacks exploiting the MOVEit vulnerability against numerous organizations and the deployment of Nokoyawa ransomware through an exploited vulnerability.
Finn points out that the Cl0p group’s strategic planning capabilities are evident in their decision to delay the mass exploitation of the MOVEit vulnerability until after completing a different campaign earlier this year. The timing of these attacks, such as over holiday weekends with reduced staff availability, further highlights the level of sophistication demonstrated by the ransomware groups orchestrating these activities.
Conclusion
Ransomware attacks continue to pose a significant threat to organizations, with May witnessing an increase in the number of victims. Although established groups like LockBit and AlphV experienced a decline, the emergence of new ransomware groups contributed to the overall rise in observed victims. These new groups bring innovative tactics to the table, including a shift towards single extortion.
Educational institutions have become prime targets for ransomware attacks due to the abundance of sensitive student data and media attention surrounding such incidents. Additionally, the mass exploitation of vulnerabilities has become a growing trend among ransomware groups, allowing them to conduct exfiltration and coordinate ransoms more efficiently.
To combat this escalating threat, organizations must remain vigilant in implementing robust cybersecurity measures, including data backups and monitoring systems for potential data exfiltration attempts. Collaboration between the public and private sectors is crucial to address these challenges effectively. As the landscape evolves, staying ahead of these sophisticated cybercriminals requires constant adaptation and proactive defense strategies.