Security News > 2022 > September > The Week in Ransomware - September 30th 2022 - Emerging from the Shadows
As expected, threat actors now use the leaked LockBit 3.0 ransomware builder for their ransomware operations.
Another interesting research is the prediction that ransomware gangs may move away from encrypting altogether and switch to pure data exfiltration and file deletion to cut out the ransomware developer.
Finally, this week we learned about Royal Ransomware, which has been quietly working from the shadows since February but has, more recently, ramped up attacks.
Data exfiltration malware known as Exmatter and previously linked with the BlackMatter ransomware group is now being upgraded with data corruption functionality that may indicate a new tactic that ransomware affiliates might switch to in the future.
Analyzing Bloody Ransomware Today very limited information was received for analysis from one of the Ukrainian victims of the Bl00dy Ransomware Gang.
The relatively new Bl00Dy Ransomware Gang has started to use a recently leaked LockBit ransomware builder in attacks against companies.