2023 was a big year for ransomware, with threats rising after a two-year decline, breaking a six-year record, new research shows.
A report from Mandiant has revealed the increasing popularity of ransomware-as-a-service (RaaS), which means the barrier to entry has been significantly lowered. As a result, the number of victims placed on data breach sites has increased significantly.
According to the article, there has been a 75% increase in the number of companies placed on data breach sites between 2022 and 2023, affecting organizations in 110 countries.
Goodbye, Cobalt Strike
Many old and well-known ransomware families have also acquired new variants, indicating continued development and resource sharing among the cybercriminal community. About a third of all new ransomware families observed and tracked by Mandiant in 2023 were variants of previously identified versions.
Mandiant also says that while ransomware variants are changing, attackers are also using new tools when it comes to initial access. While in previous years malicious tools dominated, they are now slowly being replaced by legitimate tools used for malicious purposes. Most notably, Cobalt Strike, a super-popular threat emulation tool that was essentially hijacked by cybercriminals, is slowly being phased out. In its place, attackers are now using several legitimate remote access tools.
Hackers are also moving faster than before, reducing dwell time and deploying ransomware sooner, Mandiant says. In nearly a third of incidents, ransomware was deployed within 48 hours of the attacker's initial access, meaning threat actors are now better able to map IT infrastructure, networks and systems.
Finally, attackers are still encrypting systems after hours: more than three-quarters (76%) of all ransomware deployments occurred outside of business hours, usually in the early morning.