Kaspersky experts share how major gang shutdowns affected ransomware trends for 2023

Woburn, MA – May 11, 2023 — Ransomware groups are still managing to come up with new, elaborate techniques that continue to make headlines for their ability to profit from organizations among all industries. Ahead of tomorrow’s Anti-Ransomware Day, Kaspersky has released a new report reviewing last year’s ransomware predictions as well as insights into what the landscape will look like in 2023.

In 2022, Kaspersky solutions detected more than 74.2M attempted ransomware attacks, a 20 percent increase than in 2021 (61.7M). During the same time in the beginning of 2023, experts saw a slight decline in the number of ransomware attacks, however the caveat is that they became more sophisticated and targeted. Moreover, the top five most influential and prolific ransomware groups have drastically changed over the last year. The deceased REvil and Conti groups that were popular in H1 2022 were replaced by Vice Society and BlackCat in Q1 2023. 

A review of last year’s ransomware trends shows that they all persisted. In the latter half of 2022 and the beginning of 2023, there were several cross-platform ransomware modifications that caught researchers’ eyes such as Luna and Black Basta. Ransomware gangs have also become more industrialized with groups such as BlackCat adjusting their techniques over the year. For now, employees of victim organizations must check to see if they are listed in the stolen data, thus increasing the pressure on the affected organization to pay a ransom. The geopolitical situation has seen some ransomware groups take sides in conflicts including the Eternity stealer as this group created an original ecosystem with a new ransomware variant.

For 2023, Kaspersky experts have presented three key ransomware threat landscape development trends. The first refers to more embedded functionality used by various ransomware groups such as self-spreading functionality or an imitation of it. Black Basta, LockBit, and Play are among most significant examples of ransomware that spreads on its own.

The next trend to recently emerge is a driver abuse for malicious purposes – an old trick. Some of vulnerabilities in AV driver were exploited by AvosLocker and Cuba ransomware families, however observations by Kaspersky experts show that even the gaming industry can fall victim to this sort of attack. Reportedly, the Genshin Impact anti-cheat driver was used to kill endpoint protection on the target machine, and the trend continues to be watched with high-profile victims such as government institutions in European countries.

Finally, Kaspersky experts draw attention to how the largest ransomware gangs are adopting capabilities from either leaked code or code sold by other cybercriminals, which may improve their malware’s functions. Recently the LockBbit group adopted code, at least 25 percent of the leaked Conti code, and issued a new version based entirely on it. These types of initiatives provide affiliates with similarities and facilities to work with ransomware families that previously worked together. Such moves can strengthen their offensive capabilities and companies should keep this in mind for their defense strategies.

“Ransomware gangs continually surprise us, and never stop developing their techniques and procedures. What we’ve been watching throughout the last one and a half year is that they are gradually turning their services into full-fledged businesses. This fact makes even amateur attackers quite dangerous,” said Dmitry Galov, senior security researcher at Kaspersky’s Global Research and Analysis Team. “To make your business and your personal data safe, it’s very important to keep your cybersecurity services updated.”

Learn more about current ransomware trends in the full report on Securelist.

• Today at 10am EST, Sergey Lozhkin, Dmitry Galov, Marc Rivero, and Dan Demeter, Kaspersky's GReAT will discuss the latest trends in the ransomware market, focusing on new ransomware groups, their techniques and targets. Register for the webinar here:  https://kas.pr/u9i6

Ahead of Anti-Ransomware Day on May 12, Kaspersky encourages organizations to follow these best practices that help safeguard your organization against ransomware:

• Always keep software updated on all the devices you use to prevent attackers from exploiting vulnerabilities and infiltrating your network.
• Focus your defense strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminals’ connections to your network. Set up offline backups that intruders cannot tamper with. Make sure you can access them quickly when needed or in an emergency.
• Enable ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malware, prevents exploits and is compatible with already installed security solutions.
• Install anti-APT and EDR solutions, enabling capabilities for advanced threat discovery and detection, investigation and timely remediation of incidents. Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training. All of the above is available within Kaspersky Expert Security framework.
• Provide your SOC team with access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for Kaspersky’s TI, providing cyberattack data and insights gathered by our team for over 20 years. To help businesses enable effective defenses in these turbulent times, Kaspersky has announced access to independent, continuously updated and globally sourced information on ongoing cyberattacks and threats, at no charge. Request access to this offer here.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.usa.kaspersky.com.

Media Contact:

Cassandra Faro

Cassandra.Faro@Kaspersky.com

781-503-1812