The number of ransomware leak victims dropped by over a quarter between the end of 2021 and the first three months of 2022, but new groups proliferated, according to Digital Shadows.
The threat intelligence vendor observed 582 organizations listed on ransomware leak sites in Q1 2022, a decrease of 25.3% compared to Q4 2021.
It claimed the drop was due to reduced activity from some of the more prolific groups. These include Conti, which saw a 32% decrease in the number of victims, and Pysa, which did not name any during the quarter.
In fact, the latter group appears to have disappeared, despite being the third most active in Q4 2021 with a particular focus on the education sector, according to Digital Shadows.
However, its members and/or affiliates will likely disperse to newly branded entities.
“In the first quarter of 2022, Digital Shadows observed the creation of many new ransomware groups and data leak sites. These included Stormous, Night Sky, Zeon, Pandora, Sugar, and x001xs,” the security vendor explained.
“A trend that is typically observed between quarters is that new ransomware groups are created at a similar rate to groups being shut down. This is likely because affiliates frequently move from groups that are no longer active to those that are emerging. Groups also often shut down operations and rebrand, to avoid raising attention from law enforcement agencies.”
As in the previous two quarters, however, LockBit 2.0 and Conti remained the most prolific of the 70 groups tracked by Digital Shadows, accounting for nearly 58% of incidents in Q1 2022.
LockBit had nearly twice as many victims as Conti and is reportedly the only group to have leaked data on more than 200 organizations in a quarter since Q3 2021.