Ransomware Gangs Now Employ a New Technique

Threat analysts have recently noticed a surprising tendency in ransomware gang strategies. According to them, the initial stages of victim extortion are becoming less visible to the public, as cybercriminals prefer to use concealed or anonymous entries.

The fact that the ransomware groups do not reveal their target’s identities right away gives them a longer period of time to negotiate the ransom payment in secrecy while still putting pressure on the victims threatening to leak the stolen data.

The Q1 2022 ransomware study from KELA, an Israeli cyber-intelligence firm, explains this trend and outlines multiple changes in the field:

As per the report, the total number of companies that fell victims to ransomware attacks (698) dropped by 40% in Q1 of 2022 compared to Q4 2021 (982), with LockBit dethroning Conti as the most active cybercrime organization since the beginning of the year.

The number of attacks carried out by the Conti ransomware group decreased in January 2022 but increased after Conti’s internal data was publicly revealed.

LockBit, the most widespread and well-known ransomware threat, reported 226 victims, nearly identical to the previous quarter.

LockBit, Conti, Alphv, Hive, and Karakurt (recently discovered to be a side operation of Conti) were

Read More: https://heimdalsecurity.com/blog/ransomware-gangs-now-employ-a-new-technique/