- The ransomware threat landscape is seeing a concerning shift in attack techniques with the rampant abuse of zero-day and one-day vulnerabilities in the past six months, which led to a 143% increase in victims from Q1 2022 to Q1 2023.
- Ransomware groups now increasingly target the exfiltration of files, which has become the primary source of extortion, as seen with the recent exploitation of GoAnywhere and MOVEit.
- Akamai research finds victims of multiple ransomware groups are almost 6x more likely to experience a subsequent attack within the first three months of the initial attack.
- Ransomware groups, such as CL0P, are aggressively pursuing the attainment and development of in-house zero-day vulnerabilities. This has proven to be a successful strategy, with CL0P growing its number of victims by 9x from Q1 2022 to Q1 2023.
- LockBit dominates the ransomware scene with 39% of total victims (1,091 victims), more than triple the number of the second-highest ranked ransomware group. It has risen significantly in the absence of the previous front-runner, Conti, with its victim count increasing by 92% from Q4 2022 to Q1 2023.
According to our latest State of the Internet (SOTI) report, as adversaries try to outpace their victims’ ability to defend, ransomware groups are shifting their attack techniques away from phishing and putting greater emphasis on zero-day vulnerability abuse. Vulnerability abuse has grown considerably in both scope and sophistication, as we examined extensively in our 2022 reports, such as Slipping Through the Security Gaps.
In addition, ransomware groups have become more aggressive in their methods of both extortion and vulnerability exploitation, such as through in-house development of zero-day attacks and bug bounty programs. Ransomware groups are willing to pay for the opportunity for financial gain, whether it’s to pay other hackers to find vulnerabilities in their software, or to acquire access to their intended targets via initial access brokers (IABs).
Attackers are shifting gears to gain an advantage
Attackers are also shifting gears regarding tactics that can generate a more profitable pathway of value. They are finding more success as they move away from their initial extortion tactic — encryption — and focus their efforts more on data theft to gain an advantage over organizations that rely on their backups.
This also allows attackers to resort to additional extortion tactics, like harassing the victim’s customers or partners through emails or phone calls to get them to encourage the victim to pay (Figure 1). Emerging attack techniques also include phishing emails that carry new types of payload as attackers ditch macros, the use of stolen credentials, and drive-by compromises.
Fig. 1: Overview of the ransomware kill chain, including some of the updates in extortion tactics