Security vendor WithSecure’s tracking reveals a concerning trend in the ransomware landscape, with nearly half of the 60 tracked ransomware groups initiating operations in 2023. Established entities like 8Base, Alphv/BlackCat, Clop, LockBit, and Play remain dominant, contributing to over 50% of data leaks in the first nine months of 2023. However, the emergence of new ransomware variants significantly impacts the market, with these recent groups responsible for 25% of data leaks in this period, contributing to a 50% year-on-year increase in data leaks.
The rise of newcomers such as Royal, Akira, and BlackSuit can be linked back to the Conti group, whose code leaked following a notorious data breach. Moreover, the leak of LockBit and Babuk source code, released by disgruntled affiliates and then exploited by other ransomware gangs, further fuels the proliferation of these variants.
WithSecure highlighted the fluidity within ransomware groups, likening their structure to IT companies, where personnel changes can lead to the transfer of unique skills and knowledge. The result is a cross-pollination effect in which ransomware groups share proprietary resources without ethical constraints.
Despite this evolution, WithSecure suggests that the lack of innovation among ransomware variants might benefit network defenders. Recognizing the recurrent nature of these attacks allows organizations to better prepare for potential breaches, improving incident response and cyber-resilience strategies.
In a related study by OpenText, alarming findings emerge: despite nearly half of enterprises and SMBs admitting previous ransomware attacks, over half of UK enterprises and two-thirds of SMBs remain uncertain or oblivious to their status as potential ransomware targets. This “optimism bias”, outlined in the 2023 OpenText Cybersecurity Global Ransomware Survey, highlights a dangerous disconnect between perceived vulnerability and actual exposure to ransomware threats.