Meanwhile, the malware itself evolved, adding an LDAP-based self-spreading mechanism. When we published our initial report on BlackBasta in April 2022, we were only aware of one victim, but the number has since sharply increased. However, the most active family that saw light in 2022 was BlackBasta. Ransomware groups come and go, and it is little wonder that some of them ceased operations last year as others emerged.įor example, we reported on the emergence of RedAlert/N13V, Luna, Sugar, Monster, and others.
AVAST RANSOMWHERE CODE
Pro-Ukrainian message inside the malware code What else shaped the ransomware landscape in 2022 The developer warns against using their malware in Ukraine After the article appeared, the author made sure that the malware did not affect users in Ukraine and included a pro-Ukrainian message inside the malware. Our research showed that there was a whole malware ecosystem around Eternity, including a ransomware variant. We created a private report about this after an article claimed that the malware was used in the geopolitical conflict. There was one peculiar sample: a stealer called Eternity. Employees of the victim organizations could use these sites to check if their names had popped up in stolen data, thus increasing the pressure on the affected organization to pay the ransom.Īlthough the third trend we spotted last year was one of ransomware gangs taking sides in the geopolitical conflict, it does not apply to them exclusively. They registered domains under names that looked like those of breached organizations, setting up Have I Been Pwned-like websites.
AVAST RANSOMWHERE ARCHIVE
Security researchers discovered an archive that contained test builds of the malware for a number of less common platforms, including macOS and FreeBSD, as well as for various non-standard processor architectures, such as MIPS and SPARC.Īs for the second trend, we saw that BlackCat adjusted their TTPs midway through the year. The ransomware, which focused on non-Windows platforms, supported the halting of VMs in an ESXi environment, clearly indicating what the attackers were after.Īnother ransomware family, LockBit, has apparently gone even further. A few months after last year’s blog post came out, we stumbled across a new multi-platform ransomware family, which targeted both Linux and Windows. Ransomware gangs taking sides in the geopolitical conflict.
The ransomware ecosystem evolving and becoming even more “industrialized”.Threat actors trying to develop cross-platform ransomware to be as adaptive as possible.Last year, we discussed three trends in detail: On the eve of the global Anti-Ransomware Day, Kaspersky looks back on the events that shaped the ransomware landscape in 2022, reviews the trends that were predicted last year, discusses emerging trends, and makes a forecast for the immediate future. Although early 2023 saw a slight decline in the number of ransomware attacks, they were more sophisticated and better targeted. In 2022, Kaspersky solutions detected over 74.2M attempted ransomware attacks which was 20% more than in 2021 (61.7M). In a quest for profits, attackers target all types of organizations, from healthcare and educational institutions to service providers and industrial enterprises, affecting almost every aspect of our lives.
0 kommentar(er)
