The first half of 2023 saw more victims impacted by ransomware attacks than in the entirety of 2022 as threat actors continue to leverage Ransomware-as-a-Service (RaaS) platforms to execute their attacks, according to a new report.
“Russia has become one of the leading threat actors in the world... after several cyberattacks in 2022, including on Ukrainian government websites, organizations and companies, several Russian groups such as Sandworm, Callisto and Gamaredon continued their campaigns against the Eastern European nation in H1 2023,” Security Magazine reports.
“In addition to Russia, the report identified a new command and control framework, named PhonyC2, which has been used by the Iranian-based MuddyWater group since at least 2021. The threat lab also observed and analyzed a previously undocumented and undetected new variant of BPFdoor by Red Menshen, a Chinese threat actor.”
Takeaway: More than 2,300 organizations succumbed to ransomware attacks in just the first half of 2023, with the vast majority carried out by only three ransomware operators: LockBit (35.3%), BlackCat//ALPHV (14.2%), and Cl0p (11.9%).
Overall, ransomware attacks were up 74% in Q2-2023 over Q1. Ransomware attacks continue to be extremely lucrative, with ransom demands and recovery costs bleeding victim organizations for millions of dollars.
RaaS operators and other data extortion attackers are developing custom tooling and implementing novel evasion techniques into their payloads designed to evade or completely circumvent traditional endpoint protection solutions.
Ransomware operators are expanding their addressable target range with additional Linux variants emerging, as well as one of the first viable variants targeting macOS.
Furthermore, ransomware attacks are creating liability issues and intellectual property loss for organizations as attackers focus on the exfiltration of sensitive data prior to delivering the ransomware payload.
The Halcyon team of ransomware experts publish a quarterly RaaS and extortion group power ranking guide as a quick reference. The Q2-2023 report is available here: Power Rankings: Ransomware Malicious Quartile Q2 2023 (PDF).
Some interesting trends emerged in the first half of 2023, evidence that ransomware operators are investing heavily in development and are improving operational efficiencies through automation:
Ransomware attacks continue to be extremely lucrative, with ransom demands and recovery costs bleeding victim organizations for millions of dollars.
Until the US government directly sanctions Russia for their direct and/or tacit support of ransomware and data extortion operations, we will not see attacks subside any time soon.
Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile (PDF).