Ransomware and malware attacks have been growing at an alarming rate, with more cybercriminal groups emerging and continually targeting industries worldwide. Ransomware is predicted to cost $265 billion by 2031, a significant increase from $20 billion in 2021, so it is advisable to acquaint yourself with the top ransomware and malware groups active in 2022, their key tactics, and their prominent attacks to gain a vivid picture of the current ransomware scenario.
1. DEV-0537 (LAPSUS$)
DEV-0537, also known as the LAPSUS$ group, is an infamous cybercriminal gang that targets corporations for data exfiltration and extortion. The group has been around since 2021 and has claimed responsibility for significant, high-profile cyberattacks accompanied by ransom demands.
Key Tactic: LAPSUS$ is known for ransom demands backed by data exfiltration: it entices an organization’s employees, gains access to administrator accounts, and takes over the organization’s services.
Prominent LAPSUS$ Attacks in 2022:
- Hijacking of Impresa: The Portuguese media channel’s online streaming services and websites were defaced in the LAPSUS$ attack of January 2022, and the group demanded a ransom by leveraging its control over the channel’s AWS environment.
- Exfiltration of NVIDIA: LAPSUS$ struck NVIDIA in February 2022, compromising internal systems and stealing nearly 1TB of NVIDIA’s data, with plans to leak the data in batches if NVIDIA failed to fulfil the ransom demand.
- Microsoft and Okta: The theft of Microsoft source code for Bing, Maps and Cortana, together with the compromise of sensitive cloud service accounts at the authentication service provider Okta, in March 2022 is the most recent blow by LAPSUS$.
2. LockBit
LockBit is another cybercrime syndicate that emerged in 2019 and has been posing a significant threat ever since. LockBit is widely known for its RaaS (Ransomware-as-a-Service) model and specializes in double extortion.
Key Tactic: LockBit relies on its automated data exfiltration tooling, the latest version being LockBit 2.0, which spreads through a network automatically. LockBit operates stealthily and silently, and only afterwards confronts the organization with its ransom demand.
Prominent LockBit Attacks in 2022:
- The Thales Ransom: LockBit revealed its exfiltration of data from the French electronics multinational Thales Group in January 2022 and threatened to release sensitive data if its ransom demand was not met.
- French Ministry of Justice: LockBit also demanded a ransom from the French Ministry of Justice in January 2022, after taking credit for encrypting Ministry files and threatening to release sensitive Ministry data on the dark web.
- Exfiltration of Bridgestone Americas: Tyre manufacturer Bridgestone also suffered a LockBit ransomware attack in February 2022. LockBit stole the manufacturer’s data and published a countdown timer showing the time remaining before the stolen files would be published if Bridgestone did not meet the demand.
3. BlackCat (ALPHV)
BlackCat is another cybercriminal group that provides RaaS and targets various organizations worldwide. The group is also called ALPHV and has been around since November 2021.
Key Tactic: BlackCat makes its victims suffer by compromising the organization’s systems, exfiltrating the data, and then attacking the primary systems, causing slowdowns, denial of service, delayed operations, and more, in a bid to extract a ransom. Its ransomware strain is written in the Rust language.
Prominent BlackCat / ALPHV Attacks in 2022:
- Moncler: Moncler, the luxury fashion market leader from Italy, was targeted by ALPHV in January 2022; the group stole Moncler’s data and leaked it on Tor. The attack began in December 2021, but the data was leaked in 2022 after Moncler did not fulfill the $3 million ransom demand.
- German Oil: The German oil companies Oiltanking and Mabanaft were major targets of BlackCat’s ransomware attack in February 2022, which affected the services of over 200 fuel stations in the country.
4. Wizard Spider (Conti Ransomware Group)
Wizard Spider is another infamous ransomware group making headlines since 2020 with its ransomware, Conti. Conti is behind several high-profile ransomware attacks in the US and Europe and has been the talk of the town since its warning to foes of Russia.
Key Tactic: Conti uses custom, fast ransomware that employs its own AES encryption implementation and operates a website where it leaks sensitive documents. Conti’s creator, Wizard Spider, is also behind the well-known Ryuk ransomware.
Prominent Conti Attacks in 2022:
- Minnesota’s Bay & Bay: Wizard Spider used Conti to target the trucking company Bay & Bay in January 2022 by exploiting vulnerabilities in its Microsoft Exchange Server. Bay & Bay refused the ransom demand, which led to the group leaking the stolen Bay & Bay data on the dark web.
- Indonesian Central Bank: Bank Indonesia suffered a ransomware attack in January 2022. Wizard Spider stole employee data, took credit for the attack, and claimed to have stolen nearly 13.88 GB of data.
- Canada’s Aluminerie Alouette: Conti targeted Aluminerie Alouette, a leading metal producer, in March 2022. The group claimed the attack and published details of the stolen Alouette data on its website as part of its ransom demand.
5. Vice Society
The Vice Society is another ransomware gang emerging as a rising force in cybercrime.
Key Tactic: The Vice Society has targeted many schools and is known for encrypting data with malware and demanding ransoms in exchange for restoring access and control.
Prominent Vice Society Attacks in 2022:
- Missouri School: Vice Society dumped information from Missouri’s Carthage R-9 district in January 2022 after the district did not offer an acceptable ransom. The dump contained human resources information, files, and social security numbers of over 1000 employees.
- Durham Johnston: The UK’s Durham Johnston school was another school targeted by Vice Society in January 2022. The group leaked sensitive data of both students and staff after the ransom demand went unpaid.
- Optionis: Optionis Group, an accounting organization that oversees brands such as Parasol and Clearsky, was another victim of the Vice Society, which leaked its data on the dark web in February 2022.
With the increasing availability of RaaS and cybercriminal groups recruiting insiders, it is imperative to understand the ramifications of rising ransomware and malware attacks. As these threats are only bound to increase, you need to have adequate anti-ransomware tools and measures in place to ensure your business does not suffer, even in the worst-case scenario of being hit by a ransomware attack.