Let's summarize and find out who was notorious this year!
Over the past year, the groups have broken up and re-formed, but one thing is certain - they continue to exist.
Despite all efforts, the ransomware problem continues to grow, with a recent report from cybersecurity company Zscaler showing an 80% increase in ransomware attacks compared to last year. Key trends included dual ransomware, supply chain attacks, ransomware-as-a-service (RaaS), group rebranding, and geopolitically motivated attacks.
For example, this year the well-known extortionist group Conti broke up, but its members simply moved on and formed new gangs.
LockBit has been around since 2019 and is based on the RaaS model. It is the largest group, accounting for more than 4 out of 10 ransomware victims, according to GuidePoint Security. The LockBit hackers are believed to be linked to Russia.
The LockBit 3.0 ransomware version was released in June and has already spread to 41 countries, according to Intel 471. The main targets are professional services, consulting and manufacturing, consumer and industrial goods, and real estate.
In addition, LockBit has launched its own bug bounty program, offering up to $1 million for finding vulnerabilities in its malware, leak sites, Tor network, or messaging service.
The Black Basta group first appeared this spring and attacked at least 20 companies in the first 2 weeks. The group is speculated to be made up of former members of Conti and REvil.
Black Basta is currently running a campaign using QakBot malware, a banking trojan used to steal victims' financial data, including browser information, keystrokes, and credentials.
Black Basta is believed to have hit about 50 organizations in the US in the last quarter, including the American Dental Association (ADA) and Canadian food retailer Sobeys. More than half of the group's targets were from the US.
Hive, the third most active ransomware group this year, focuses on the industrial sector as well as healthcare, energy and agriculture organizations. According to the FBI, hackers attacked 1,300 companies around the world, especially in the healthcare sector, and received about $100 million in ransom.
In recent weeks, the group has claimed responsibility for attacks on Indian energy company Tata Power, posting the firm's data online, and on several US colleges.
Hive is believed to work with other ransomware groups and has its own customer support and sales teams. The group is also engaged in triple extortion.
ALPHV/BlackCat is one of the most sophisticated and flexible ransomware families based on the Rust programming language and has been around for about a year now. The group is believed to be made up of ex-members of the REvil gang and to be affiliated with BlackMatter (DarkSide).
The group also operates on a RaaS model, exploiting known vulnerabilities or unprotected credentials and then conducting DDoS attacks to force the victim to pay a ransom. BlackCat hackers expose stolen data through their own search engine.
The group's targets are critical infrastructure organizations, including airports, fuel pipeline operators and refineries, as well as the US Department of Defense.
Ransom demands run into the millions, and even when the victim pays, the group does not always provide the promised decryption tools.
BianLian is a relatively new player that targets organizations in Australia, North America and the UK. The group is rapidly bringing new command and control (C&C) servers online, indicating that the hackers are planning to significantly increase activity.
Like many other ransomware families, BianLian is based on the Go language, which makes it highly flexible and cross-platform. According to Redacted, the group is made up of relatively inexperienced cybercriminals, as they are not familiar with the practical business aspects of ransomware and the logistics associated with it. The group's wide range of victims indicates that it is motivated by money rather than any political ideas.
Other new groups
The world of ransomware is constantly changing and several groups have changed their name: DarkSide is now BlackMatter, DoppelPaymer has become Grief, and Rook has changed its name to Pandora. In addition, new groups have appeared over the past year - Mindware, Cheers, RansomHouse and DarkAngels. We will probably hear about them next year.