Although REvil and several other notorious ransomware gangs were taken down this year, the criminals behind them have kept operating and succeeding with new cross-platform builds, updated business processes, and more.
In recent years, ransomware operations have grown from their clandestine, amateurish beginnings to full-fledged businesses with distinct brands and styles that rival each other on the dark web. To raise awareness ahead of Anti-Ransomware Day, cybersecurity firm Kaspersky has released a new report highlighting some of the new ransomware trends detected so far this year.
The first noteworthy trend is the widespread use of cross-platform code: by writing their ransomware so that the same code base builds for several operating systems, groups can hit as many systems as possible with a single piece of malware. Conti, one of the most active groups this year, has developed a variant that is distributed through select affiliates and targets both Linux and Windows machines.
At the same time, ransomware groups keep refining their business processes. Rebranding to shake off law enforcement attention and updating their data-exfiltration tools are common examples. Some groups have gone further and built complete custom toolkits that resemble the products of legitimate software companies. The Lockbit ransomware group stands out here: it ships regular updates to its toolkit and routinely applies fixes to its infrastructure.
Taking sides
Since Russia's invasion of neighboring Ukraine began on February 24, companies, governments and individuals have been prompted to take sides in the conflict.
According to Kaspersky, the same happened on cybercrime forums, where ransomware groups also began to take sides. As a result, a number of politically motivated attacks were carried out in support of Russia or Ukraine during the first quarter of this year.
One of the new strains discovered during the conflict, Freeud, was developed by supporters of Ukraine. Instead of encrypting its targets' systems, Freeud acts as a wiper: if a target contains any items from a list of files, the malware deletes them from the victim's system.
Dmitry Galov, Senior Security Researcher at Kaspersky's Global Research and Analysis Team, provided more information about the company's New Ransomware Trends in 2022 report in a press release, saying:
“If last year we said ransomware is in bloom, this year it is in full bloom. While last year’s top ransomware groups were forced out, new actors emerged with never-before-seen techniques. However, as ransomware threats evolve and expand, both technologically and geographically, they become more predictable, which helps us better detect and defend against them.”