Threat Monitor Annual Report 2023

Corroborating the above statement regarding the increasing availability of a plethora of ransomware variants is an interesting case that took place in September of 2023. A ransomware threat actor accessed one of Symantec’s client’s environments and attempted to deploy LockBit ransomware; however, the client was able to detect and block LockBit’s variant before the impact stage. With a demonstration of tenacity, the threat actor instead tried to deploy a much newer variant, 3AM (the first observation of which was very possibly this same incident), which was successful, although it was still subsequently blocked after just three machines were affected. This is a quintessential example of threat actors having a pool of variants to choose from, making their attacks far more persistent and difficult to block, and thereby potentially increasing the overall ransomware cases across the year. If this develops into a trend and is not a one-off incident, the standard approach for proactive security measures may not end at simply knowing which groups are targeting a specific sector and region and defending accordingly. Instead, it may have to include a holistic view of the whole ransomware threat landscape with constant IoC ingestion for every emerging group, to avoid successful “second attempts.” This occurrence also raises an intriguing question regarding the loyalty of affiliates to their ransomware groups, as this instance implies that their use is somewhat interchangeable.

Another curious case that took place in 2023 involved a ransomware attack on a university in the UK, where the threat actors emailed students and staff detailing the data that they had stolen, likely in an attempt to get the victims to apply more pressure on the university. This has aptly been referred to as another triple-extortion technique, as it is yet another way to tighten the threat actor’s grip on the victim: first there was the addition of DDoS to the attacks, then the withholding of victim names and only revealing them after their ‘time had run out,’ and now there is this. Irrespective of whether or not this technique will be repeated, we are certain of one thing: ransomware groups will continue to innovate in their extortive techniques in an effort to continuously increase their success rates. As such, we reiterate the importance for organisations to remain vigilant and consistently enhance their defensive mechanisms. If this influx of new threat actors continues in 2024, we can expect a similar increase in ransomware cases from 2023-2024, and perhaps an even larger one if the arrival of new ransomware groups occurs exponentially. As our findings for the year highlight, double extortion ransomware is showing no signs of slowing down, and its popularity, scope, and impact are heightening on at least a yearly basis. So, unless we have finally reached a plateau, which is unlikely at this point, and if there is a similar increase for 2023-2024 as there was from 2022-2023, the number of ransomware cases could even double by the end of the year.
