Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Dynamic shifts in the ransomware landscape worth keeping an eye on

published on 2022-12-07 05:47:03 UTC by
Content:

Over recent weeks, several pertinent shifts in the ransomware threat landscape have been observed, including mainstays developing their tactics to new players on the scene.

Aside from established groups expanding their tactics, techniques, and procedures (TTPs) and launching recruitment drives, multiple new ransomware threats have risen to prominence including AXLocker, Royal, Octocrypt, and Alice.

By the end of Q3, 62 active ransomware threats were identified within the threat landscape. However, since the beginning of Q4 several new groups have risen to prominence.

Security researchers at Cyble have identified three new ransomware threats including two new ransomware-as-a-service (RaaS) operators dubbed Octocrypt and Alice.

Activity related to both groups has been observed on underground forums including advertisements highlighting the ransomware capabilities and features.

Additionally, Microsoft have tracked DEV-0569 to be leveraging Royal ransomware, a ransomware that first emerged in September 2022, which is using Google advertisements to facilitate campaigns.

Although several new threats have been recently identified, it is also notable that numerous established ransomware and data theft groups have been actively expanding their operations.

Karakurt, a group suspected to have affiliations with the defunct Conti ransomware gang, were identified to be recruiting affiliates and scoping insider threats within organisations globally.

Aside from Karakurt, Donut, a group who also previously focused on data theft, have adopted a double-extortion model.

The group have been leveraging customised ransomware in recent attacks and the cross-posting of victim data has indicated associations with several other ransomware threats, including Hive and Ragnar Locker.

RansomEXX have also developed a new variant of their ransomware over the past week which is written in Rust, a programming language heavily abused by threat actors due to increased likelihood successfully evading antivirus.

Given the continued development of ransomware operations, it is almost certain that significant activity from financially motivated groups will continue throughout Q4.

The ransomware landscape remains dynamic and the activity from new and established groups demonstrates the ability threat actors have to quickly expand their network and tools arsenal.

The UK now ranks third in a list of countries who suffers the most ransomware attacks with reports stating that ransomware dominates discussions at the government’s emergency COBRA meetings.

Consequently, ransomware continues to pose an exponential threat to UK organisations.

For more of our stories on ransomware, type 'ransomware' into the search box.


Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


Article: Dynamic shifts in the ransomware landscape worth keeping an eye on - published almost 2 years ago.

https://www.emcrc.co.uk/post/dynamic-shifts-in-the-ransomware-landscape-worth-keeping-an-eye-on   
Published: 2022 12 07 05:47:03
Received: 2022 12 11 12:45:09
Feed: The Cyber Resilience Centre for the East Midlands
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor