The global cybersecurity community in 2023 is witnessing waves of cybercriminal activity that have placed thousands of organizations in peril. Cybercriminals have been capitalizing on ransomware attacks to antagonize small and large businesses, demanding huge sums in exchange for decryption keys and the deletion of stolen data. Within the first two quarters, bad actors extorted under half a billion dollars from their victims — a 64% increase since 2022.

If the frequency and severity of ransomware attacks continue at the same rate as they have been for the rest of the year, cybercriminals could rake in close to $900 million by the end of 2023. With hundreds of organizations currently facing supply chain attacks, Ransomware-as-a-Service (RaaS) threats, and double extortion, the question is why there is such a steep climb in the number of ransomware attacks.

• Cybercriminal gangs and the uptick in ransomware attacks

Although cybersecurity professionals and regulatory authorities worldwide constantly strive to develop effective countermeasures to stave off cyber criminals, the substantial increase in ransomware attacks this year knocked everyone off their heels.

Cybercriminals often form gangs to improve their efficiency and expand their base of operations, predominantly targeting organizations in the banking, financial, and legal sectors. This is because customers trust such businesses with their personally identifiable information (PII) and financial data — precisely the kind of loot cybercriminals are after.

Here’s a list of some famous cybercriminal gangs that follow the RaaS and double extortion approach to achieve their malicious goals:

1. LockBit: Responsible for launching a successful ransomware attack on the French Ministry of Justice, among many other institutions and financial organizations. LockBit is highly notorious and targets businesses on a global scale. The group is one of the most active RaaS gangs, logging around 97 attacks in June alone.
2. Cl0p: If you’re even remotely savvy with the IT world, you’ve probably heard of this group. Cl0p is the gang behind the infamous MOVEit Transfer hack, which affected over 500 companies and 34 million individuals worldwide. Cl0p has reportedly launched 91 attacks, although that may slow down after the MOVEit exploit, which has seen them extort over $75 million. The group is presently utilizing torrents to leak data, increasing their chances of evasion.
3. REvil: Although out of commission since May 2022, this group rose to fame by boldly attacking some of the biggest enterprises, including JBS Foods. While most other companies emerged from the attacks relatively unscathed, JBS Foods paid $11 million in Bitcoin and was forced to shut down operations for a while.
4. BlackCat/ALPHV Ransomware: A dominant strain of ransomware in 2023, this group is responsible for successfully attacking over 60 businesses — non-profit and for-profit alike — regardless of their industry. BlackCat grew boldly to shoot Carinthia, a federal state in Austria, and demanded $5 million in exchange for the decryption key. The Carinthian government had to halt all its operations, such as issuing new passports or traffic fines, and even freeze its official website.

• The Booming Dark Web Economy is Bad News for Businesses

Today, the dark web is the world’s third-largest economy, and unlike the economy in many places, it is not experiencing any downturn. It’s growing at an alarming rate. Cybersecurity Ventures predicted that the dark web would inflict about $6 trillion in damages worldwide in 2021, placing the dark web economy just behind the United States and China, the top two world economies. The same experts also see global cybercrime costs growing by 15 percent per year over the next five years, reaching USD 10.5 trillion annually by 2025, up from USD 3 trillion in 2015.

There are two essential things to note about RaaS gangs. To begin with, the prominent teams mentioned above are all known to be primarily comprised of Russian hackers, most of whom have been suspected of being funded by the Russian government. Secondly, the gangs often make and sell their malware to other bad actors and recruit other teams, called affiliates, to perpetrate attacks. Considering all these facts, cybersecurity professionals have attributed the surge in ransomware attacks in 2023 to the ongoing Russo-Ukrainian war and the increased availability of malware and artificial intelligence tools for cybercriminals.

Businesses don’t just have to worry about cyberattacks on their organization. They also have to worry about the complications coming their way for cyberattacks on their partners, service providers, and suppliers. This is because today’s cybercriminals are inclined to go after the entire supply chain — and once they’re in, hackers can create a world of financial and legal trouble.

Ransomware seems to be the go-to attack for cybercriminals perpetrating supply chain attacks. Over half (52%) of global organizations know that one of their suppliers or partners has been affected by ransomware. Moreover, ransomware gangs target strategically positioned companies with access to a large digital supply chain to extort significant amounts of money.

Protecting your organization against ransomware attacks is incredibly challenging, and cybersecurity authorities, agencies, and professionals have learned that it is time to become more proactive to remedy the situation.

Source: ID Agent