Ransomware groups used unique source codes in their attacks

November 29, 2022

New research showed that ransomware groups have increased their use of their own or stolen code. These groups are believed to be moving away from the leasing model of attack, which is easier for threat analysts to detect.

In previous years, most of the notorious hacking groups orchestrated their attacks by renting malicious software and computing infrastructure from other malicious actors. This model is known as Ransomware-as-a-Service (RaaS).

This type of transaction has fueled numerous ransomware attacks by different threat groups. The most well-known groups that offered potent RaaS are Conti and REvil. These groups are responsible for cybercriminal activities targeting organisations worldwide.

Ransomware groups employing the leasing method have decreased over the past few months.

According to analysts, there is a growing trend of ransomware groups slowly adopting a non-RaaS type of attack. Many smaller hacker gangs now use their own code, or code stolen from other actors, in their attacks.

This recent transition of the ransomware actors may have been linked to the inactivity of many cybercriminals since adopting this new technique requires time to grasp the strategy entirely.

Unfortunately, this upgrade from the threat actors gave the researchers a tough time identifying an attacker’s movement. A researcher explained that a group called Onyx had employed the new strategy by reusing Conti’s source code and targeting several victims.

The US Treasury Department disclosed that the country’s financial institutions paid over a billion in ransomware-related payments last year. According to the agency, most incidents were caused by breaches from Russian threat groups.

The latest tally is alarming because the value of the payments has doubled since 2020, causing massive damage to both government and public sectors.

Cybersecurity experts believe smaller groups use these tactics to escape notorious hacking organisations. They now use their own source code to lessen the chances of being tracked down by law enforcement.

Therefore, there may be an upward trend of smaller ransomware groups executing attacks using their own or stolen source code.
