Last updated at Fri, 09 Aug 2024 20:23:33 GMT
Few issues keep cybersecurity professionals up at night more than the threat of ransomware. 目标无处不在, the relative organization of threat actors, 和 their multiple paths of entry make combating ransomware particularly formidable.
但 there is one more facet to this threat that makes ransomware a vexing problem across all organizations: it’s evolving, 不断地.
在今天发布的一份新报告中 by Rapid7实验室, researchers, threat intelligence experts, 和 detection & response teams have put together the latest state-of-play in the ransomware space. The Ransomware Radar Report offers some startling insights into who ransomware threat actors are 和 how they’ve been operating in the first half of 2024.
The fact of the matter is, ransomware as a business is booming. 2024年上半年, Rapid7 researchers found an increase of 23% in the number of posts ransomware groups were making to their leak sites. This correlates with the amount of extortion attempts these groups are attempting as they are rarely quiet about who they infiltrate. 令人惊讶的是, 一个最新的团体, RansomHub, made the second-most number of posts among the groups studied, 在六个月的时间里有181人. 但, 从长远来看, 领导者, 完善LockBit, made 474 posts over the same time period.
This leads us to another intriguing finding: the number of new (or revamped) ransomware groups. We found that among a total of 68 unique groups posting extortion attempts, some 21 were either net new or rebr和ed from previous groups. The rebr和ed groups may indicate a bit of a silver lining as they are potentially due to the success of some recent law enforcement actions against ransomware threat actors.
However, threat actors are only half of the equation. The report also notes that the ransomware ecosystem may be moving away from the attacks on “big fish” we had seen in the past 和 toward smaller organizations as juicier targets. 例如, organizations with $5 million in annual revenue were five times more likely to be targeted than their larger counterparts. 这可能有很多原因, not the least of which is that these smaller organizations contain many of the same data threat actors are after, but they often have less mature security precautions in place.
Ransomware actors are also getting more sophisticated as businesses. They have their own marketplaces, sell their own products, 和 in some cases have 24/7 support. They also seem to be creating an ecosystem of collaboration 和 consolidation in the kinds of ransomware they deploy. Rapid7 researchers looked at different ransomware variants 和 found three distinct clusters of similarities. Essentially, many of these ransomware strains resemble one another. This could indicate collaboration among groups, reuse of source code, or the use of common builders. 其他 research avenues indicated that the number of ransomware families is going down — potentially showing that threat actors are focusing their efforts on more effective or specialized approaches.
The takeaways in this blog post are only the tip of the iceberg. The Ransomware Radar Report goes deep into the kinds of encryption algorithms that are trending at the moment 和 why, 有关流行编码语言的详细资料, 和 the varied tactics threat actors use to infiltrate organizations. To get the latest on ransomware 和 ensure your organization is well-informed 和 prepared for the fight against these threat actors, 在此下载报告.
