Security News > 2023 > July > RaaS proliferation: 14 new ransomware groups target organizations worldwide

"Q2 2023 continued to highlight the growing ransomware threat facing organizations across the globe, from both established ransomware gangs and emerging or ephemeral opportunistic groups," said Drew Schmitt, GRIT Lead Analyst.

For the first half of 2023, correlation between the total number of ransomware groups and total observed ransomware events suggests that newly emerging groups directly contribute to the rise in total victims.

The MOVEit campaign accounted for 6% of June's attacks and 94% of Clop's total for Q2. LockBit remains the most prolific ransomware threat group, despite experiencing a 10% decline in observed victim volume in Q2 relative to Q1. AlphV is the second most active ransomware group in Q2, experiencing a 50% increase in victim volume over Q1. 8Base is a newcomer, but is the third most active actor in Q2, responsible for 9% of all observed ransomware attacks.

Bianlian and Clop round out the top five most active ransomware groups in Q2. 8Base and Akira, two ransomware groups that came to prominence in Q2, have surprised security researchers with the speed at which they established themselves as prolific actors.

The prevalence of leaked ransomware builders has continued to lower the barriers to entry for emerging ransomware groups.

"From the rapid diversification of the ransomware threat roster, to recycled ransomware and crimeware, to data-focused extortion shifts, GRIT continues to monitor and report on the shifting TTPs in the ransomware ecosystem," said Schmitt.

News URL

https://www.helpnetsecurity.com/2023/07/25/active-ransomware-groups-2023/