Ransomware

Backed by threat actors from Conti, Royal ransomware is poised to wreak havoc in the threat landscape, starting strong by taking a spot among the most prolific ransomware groups within three months since it was first reported. Combining new and old techniques and quick evolution, it is likely to remain a big player in the threat landscape in the future.

Our annual cybersecurity report sheds light on the major security concerns that surfaced and prevailed in 2022.

Our research paper shows how decision-makers that are in a position to affect ransomware at scale – including policy-makers and industry leaders – can use data-science approaches to understand ransomware risk holistically and build cybersecurity strategies that can affect the ransomware ecosystem as a whole.

We discuss the essential features of the ransomware threat landscape in the fourth quarter of 2022. Our data reveals a key pattern throughout 2022: Established ransomware groups preferred to target small and midsize organizations in North America and Europe.

The Magniber ransomware initially targeted only Asian countries when it was first detected in 2017. However, it resurfaced in 2021 and continues to operate today with expanded targets around the globe. Magniber remains a significant player in the threat landscape, with malicious attackers likely to continue using the ransomware in future.

Our research looks at the potential evolutions and revolutions in the current ransomware landscape based on significant triggers and catalysts. We highlight the specific developments (triggers) that could cause gradual changes (evolutions) before sparking more drastic transformations (revolutions).

Enterprises and organizations are facing a period of transition and uncertainty – malicious actors will hunker down and reuse tried-and-tested tools and techniques.

Cuba ransomware emerged on the scene with a spate of high-profile attacks in late 2021. Armed with an expansive infrastructure, impressive tools, and associated malware, Cuba ransomware is considered a significant player in the threat landscape, and is likely to remain so in the future through its continued evolution.

We discuss key trends in the ransomware threat landscape from April to September 2022. Data from RaaS and extortion groups’ leak sites, open-source intelligence (OSINT) research, and the Trend Micro™ Smart Protection Network™ points to LockBit, BlackCat, Black Basta, and Karakurt as the most active groups with the most victims.