Security News > 2021 > December > Ransomware Empire: Who might blackmail your company?

In our report "Hi-Tech Crime Trends 2021/2022. Part II. Corporansom: threat number one," Group-IB attempted to figure out how the focus of the ransomware industry shifted from advanced targeted attacks to non-targeted affiliate malware distribution programs by looking into the history of how these services developed.

Using the capabilities of our Threat Intelligence & Attribution system, we looked in detail into major malware samples, tactics, techniques, and tools used by threat actors, as well as into events in the dark web that led to the emergence of today's Ransomware Empire.

The use of the double extortion technique based on DLSs, the active development of the RaaS program market, as well as the increasing popularity of ransomware programs among cybercriminals who used to have a more difficult way to make money have all contributed to the emergence of the Ransomware Empire on the cybercriminal stage.

The pace of new DLSs emergence has been much higher: to compare, in 2021, Group-IB analysts detected 29 new DLSs, and only 12 new affiliate programs, which suggests that many ransomware gangs' programs remain private.

In the current year, the situation changed, and the share of certain ransomware gangs decreased, as the number of small ransomware groups went up.

The market for ransomware as a service has rapidly expanded and many financially motivated groups have shifted their focus to ransomware attacks, two factors which both led to a spike in the number of investigated incidents of this kind.

News URL

https://www.helpnetsecurity.com/2021/12/22/ransomware-empire/