The cybersecurity company noted an uptick in ransomware gang activity last year following a small decrease in 2022.
Despite global law enforcement efforts to combat ransomware gangs, the incidents continue to increase steadily, according to a recent from Mandiant.
Researchers from the Google-owned company reported on Monday that they identified 50 new ransomware versions in 2023, with roughly a third originating from existing malware. The study emphasizes the widespread nature of the issue and the challenges in combatting cyber extortion. Despite increased focus from the White House, inclusion in the national cybersecurity strategy, and intensified law enforcement efforts against them, cybercriminals to generate over $1 billion in ransom payments from victims last year.
The report highlighted how hospitals and the healthcare industry have been significantly affected by network disruptions. For instance, Ascension, one of the country’s largest healthcare systems with 140 hospitals spanning 19 states, experienced an attack from the Black Basta ransomware variant last month. The continued outage resulting from this attack could potentially endanger lives. Mandiant’s discoveries align with a recent White House report regarding the country’s cybersecurity readiness, which highlighted the increasing occurrence of ransomware attacks. However, one challenge is that the reporting of such attacks is mostly voluntary. Therefore, evaluations of the prevalence of ransomware mainly rely on the limited perspective of cybersecurity firms. These firms’ comprehension of the issue is influenced by their clientele and the cybercriminal networks they are connected to.
The Cybersecurity and Infrastructure Security Agency is in the of finalizing a directive that would oblige a significant number of critical infrastructure owners and operators in the country to inform the agency about any ransomware payments within a 24-hour timeframe.
Mandiant’s analysis of the growing number of ransomware attacks is partly based on a 75% increase from the previous year in amount of posts found on data leak websites. These sites are often used by extortionists to publicly pressure companies into paying ransoms.
In 2023, Mandiant reported the highest number of data leak site posts since tracking began in 2020. Additionally, the cyber firm noticed a 20% rise in investigations that they took the lead on. The prominent variants identified by Mandiant in the previous year were ALPHV LOCKBIT, each accounting for 17% of all malicious activity.
The spike in ransomware attacks throughout 2023 followed a small decrease in extortion activities the year before, as noted in the report. Mandiant researchers speculated that 2022 might have been an unusual year due to external events like the Russian invasion of Ukraine or the leaked Conti chats.
#Cybersecurity
