Security News > 2022 > February > Law enforcement action push ransomware gangs to surgical attacks

The numerous law enforcement operations leading to the arrests and takedown of ransomware operations in 2021 have forced threat actors to narrow their targeting scope and maximize the efficiency of their operations.
Most of the notorious Ransomware-as-a-Service gangs continue their operations even after the law enforcement authorities have arrested key members but have refined their tactics for maximum impact.
According to an analysis published by Coveware, which looks at ransom negotiation data from Q4 2021, ransomware groups now demand higher ransom payments instead of increasing the volume of their attacks.
"Although medium and large organizations continue to be impacted, ransomware remains a small business problem with 82% of attacks impacting organizations with less than one thousand employees," explains Coveware.
In Q4 2021, the most frequently encountered variant was Conti, accounting for 19.4% of all detections, LockBit 2.0 came second with 16.3%, and Hive third with 9.2%. Considering that the top three ransomware operations engage in double-extortion tactics, it is no surprise that 84% of all attacks in Q4 2021 involved stolen data too.
The actors performed lateral movement in 82% of ransomware attacks, attempting to pivot to more systems on the same network.
News URL
Related news
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks (source)
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- BlackLock ransomware claims nearly 50 attacks in two months (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Texas State Bar warns of data breach after INC ransomware claims attack (source)
- Sensata Technologies hit by ransomware attack impacting operations (source)
- Ransomware attack cost IKEA operator in Eastern Europe $23 million (source)
- Kidney dialysis firm DaVita hit by weekend ransomware attack (source)
- Ahold Delhaize confirms data theft after INC ransomware claims attack (source)