Ransomware gangs experienced a resurgence last year, with victims paying $1.1 billion to hackers, a record high according to a study.
Following a lull in 2022, cybercriminals intensified operations in 2023, targeting hospitals, schools, and major corporations worldwide.
Chainalysis, a cryptocurrency research firm, reported that ransom payments doubled compared to 2022, with $567 million paid out that year.
The report highlighted the “big game hunting” aspect of attacks last year, with a higher proportion of ransom payments exceeding $1 million as wealthier companies were targeted.
“2023 will be the year of a major resurgence in ransomware, with record payout amounts and a significant increase in the scope and complexity of attacks. This is a significant reversal from the decline observed in 2022,” Chainalysis said.
In a ransomware attack, hackers typically infiltrate a target’s computer system, infect it with malware, and encrypt files, rendering them inaccessible. New trends involve attackers extracting data such as staff and customer details from IT systems and demanding payment to unlock the files or delete stolen data copies.
Chainalysis attributed the decline in payments in 2022 to factors including Russia’s invasion of Ukraine. Most ransomware groups are linked to Eastern Europe, the former Soviet Union, and Russia. Some fraudsters have been disrupted or turned ransomware into politically motivated cyberattacks.
The FBI disrupted the Hive ransomware group by obtaining their decryption keys and preventing victims from paying a $130 million ransom. Chainalysis also cited research showing a rise in the number of attackers and ransomware variants involved in attacks over the past year.
“The main thing we’re seeing is an astronomical increase in the number of attackers conducting ransomware attacks,” said Alan Liska, an analyst at cybersecurity firm Recorded Future.
According to Recorded Future, 538 new ransomware variants are expected in 2023, indicating the emergence of new and independent groups. The Clop group emerged as a key player last year by claiming responsibility for the hack of payroll provider Zellis, affecting customers like British Airways, Boots, and the BBC.
The British Library is still recovering from a ransomware attack by the rebranded group Rhysida that targeted the library in October.
The growth of ‘ransomware-as-a-service’, renting malware to criminals in exchange for a share of the profits, and the activity of ‘initial access brokers’ who sell vulnerabilities in potential targets’ networks to ransomware attackers have become trends.
Ellie Ludlum, a partner specializing in cybersecurity at British law firm Pinsent Masons, anticipates the rise in attacks to continue. “This increase is expected to continue in 2024, with continued focus on mass data exfiltration by threat actor groups, which may result in increased ransom payments by affected companies,” she stated.
Source: www.theguardian.com
