While the likes of REvil, Ragnar Locker, BlackMatter and Conti are the ransomware gangs that steal the headlines for devastating cyber attacks, surprisingly it is three lesser-known gangs that account for the majority of global ransomware attacks.
These three ransomware families make up 64% of all threats detected, according to telemetry data gathered by researchers.
A new report revealed that there are a total of 250 different ransomware families, but just three dominated the field in terms of sheer attack volume.
WannaCryptor accounted for 30% of threats, Stop/DJVU tallied up 19% and Phobos just behind with 15%.
Other threat actors to appear in the report include BearCrypt, Locker, Avaddon, BrainCrypt, GoldenEye, Cerber and Lockbit. The report, unfortunately for businesses, shows the sheer scale of the current ransomware threat landscape. It is large and seemingly ever-increasing, making it all the more important for businesses to stay aware of what is going on in the cyber world.
Lockbit, one of the better-known names on the list, was behind the late August attack on Bangkok Airways and published the airline’s sensitive files after they failed to pay up. The cyber hit was reportedly linked to an Accenture breach earlier in the month.
With the headlines that groups such as REvil, Ragnar Locker, BlackMatter and Conti generate, most would think their attacks represent the greatest threat to organisations. However, those attacks are rare and highly targeted, go after large ransoms, and take weeks or even months of intense recon and preparation.
The higher-volume attacks are instead carried out by ransomware affiliates looking for quick strikes and low-hanging fruit, many of them aimed at smaller businesses.
Researchers said: “Opportunistic adversaries and Ransomware as a Service groups represent a higher percentage compared to groups that are more selective about their targets, since they prefer more volume instead of higher value.”
This means that many of the attacks might be limited, but this doesn’t mean they should be taken lightly. This point is especially pertinent as the report only analysed detected malware, rather than the extent of the infections within a company that fell victim to an attack.
While detection isn’t the same as an infection, the results show the ransomware threat landscape continues to be dominated by a handful of RaaS groups launching mass attacks on unsuspecting users and organisations.
Neuways advises businesses to be extremely wary of any emails received. This report presents the scale of the cyber threats that could be targeting your own organisation, in order to extort you for money. Phishing Awareness Training can help your employees come to understand and recognise the types of phishing email threats that they could receive.