2023 was a big year for ransomware, with the number of threats rising after a two-year decline, breaking a six-year record, new research has claimed.
A report from Mandiant has revealed that the rising popularity of ransomware-as-a-service (RaaS) also means the barrier to entry has been severely reduced and, as a result, the number of victims posted on data leak sites rose substantially.
As per the paper, there has been a 75% increase in the number of businesses posted on data leak sites between 2022 and 2023, with organizations across 110 countries affected.
Bye bye, Cobalt Strike
Many old and known ransomware families have also been getting new variants, signaling ongoing development and resource sharing among the cybercriminal community. In fact, roughly a third of all new ransomware families Mandiant observed and tracked in 2023 were variants of previously identified versions.
Mandiant also says that while ransomware variants are changing, the attackers are also pivoting to new tools when it comes to initial access. While malicious tools dominated in earlier years, they are now slowly being replaced by legitimate tools used for malicious purposes. Most notably, Cobalt Strike, a super popular threat emulation tool that was essentially hijacked by cybercriminals, is slowly being phased out. In its place are now multiple legitimate remote access tools.
Hackers are also moving faster than before, cutting down on dwell time and deploying ransomware sooner, Mandiant says. In almost a third of incidents, ransomware was deployed within 48 hours of initial attacker access, which means threat actors are now better at mapping out IT infrastructure, networks and systems.
Finally, they are still running encryptors after hours: more than three-quarters (76%) of all ransomware deployments happened outside of work hours, usually in the early morning.