Researchers found that, in the first three months of 2022, more than half of the recorded ransomware attacks were carried out by two of the most notorious gangs in the threat landscape, Conti and LockBit 2.0.
Based on experts’ analysis, the two threat groups were responsible for 58% of overall ransomware attack incidents from January to March 2022 and were the most active of all ransomware gangs. LockBit was the more prolific of the two, accounting for 38% of the attacks, while Conti was responsible for 20% in the same time frame.
As is usual for ransomware campaigns, the threat groups exfiltrate sensitive data and threaten to publish it if their ransom demands are not paid. According to data gathered by security analysts, LockBit has leaked the data of over 200 of its victims, making it the most prolific gang.
Nonetheless, ransomware groups other than Conti and LockBit were also active in launching attacks, among them Hive and BlackByte.
Last February, Conti’s major opposition ‘Conti Leaks’ leaked the threat group’s internal chat logs, source code, and other information to the public. The ransomware gang remained unfazed and continued to carry out attacks despite that setback.
Experts explained that the group would continue their operations even with Conti Leaks trying to disrupt them; however, they highlighted that the gang’s reputation might have been affected, especially as they are attracting new affiliates.
Aside from the top two gangs, the PYSA ransomware gang was the third most active group carrying out attack campaigns in the last few months of 2021, but it disappeared as 2022 began. The same has been observed of the REvil group, which has seemed quiet this year.
As the old ransomware groups become less active, new ones are emerging to continue propagating chaos in the cybercrime landscape. Since January, experts have detected new ransomware groups, including Night Sky, Pandora, and x001xs. Some analysts believe that former members of the inactive threat groups have moved to the new ones to continue their illegal operations.
Organisations prone to ransomware attacks need to apply up-to-date security patches to their operating systems and implement multi-factor authentication as an extra defence against possible attacks. Frequently changing passwords is also highly recommended.