Ransomware Activity Report from 5th October - 11th October 2025
Between October 5 and October 11, 2025, our threat intelligence service recorded a
slight decline in the volume of ransomware attacks, with 164 victims recorded globally,
a decline of 15.1% from last week's figure. The Sinobi ransomware group led the charts with
26 victims. The Manufacturing and Business Services industries were equally targeted, with 28
victims each, while the United States remained the top-targeted country with 96 attacks.
RANSOMWARE THREAT LANDSCAPE OVERVIEW
The reporting period saw a 15.1% decline in ransomware activity, with the total number of victims falling to 164 from 193 in the previous week. Leadership of the RaaS ecosystem shifted yet again, with the Sinobi group leading with 26 victims. Qilin and Akira remained among the top 5 active groups, with 21 and 20 victims respectively.

Manufacturing (28 victims) and Business Services (28 victims) were the most targeted industries, followed by Technology with 21 victims.

Geographically, the United States remained the epicenter of ransomware activity, with 96 recorded victims. This figure accounts for 58.5% of the total victim count. Other countries like Canada and Australia followed with 13 and 6 victims respectively.

OBSERVATIONS
- New RaaS Leaders: The decline of ShinyHunters and the dominance of Sinobi further highlight the fluid nature of the RaaS ecosystem. They also suggest very successful recent recruitment or operational drives by the new leader.
- Extreme US Concentration: The alarming escalation of attacks on the United States reiterates that the nation is the most profitable and preferred target, as noted previously regarding its wealth concentration and willingness to pay.
NEWLY OBSERVED RANSOMWARE GROUPS
- Kyber
- Kryptos
- Brotherhood
- Tengu
RECOMMENDATIONS
- Organizations should develop a well-defined incident response plan. This plan should include not only technical recovery steps but also communication and public relations strategies to manage the reputational fallout.
- Organizations should develop a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location.
- Organizations should implement a strong foundational security posture now more than ever. This involves implementation of Multi-Factor Authentication (MFA), exhaustive patch management, vulnerability scans, and robust identity and access control.
- Organizations should leverage real-time threat intelligence on the ransomware groups' TTPs (Tactics, Techniques, and Procedures) to ensure early detection.
- Organizations in the targeted industries must undertake a detailed security control audit with a focus on protecting core operating technology and intellectual property.
- Organizations in the United States should consider additional protective measures, such as enhanced monitoring of network traffic and a comprehensive incident response plan, to mitigate the higher risk of attack.
- Organizations should constantly assess the security posture of suppliers and partners because supply chain compromises are becoming a common way for threat actors to gain access.
- Organizations should practice timely sharing of attack data among industry peers to improve situational awareness and defense coordination.