2024 was a banner year for Law enforcement agency actions against ransomware and cybercrime groups. Will the new administration ensure this momentum continues ..read more

A recent Australian Financial Review (AFR) article contained statistics about ransomware payment trends that require some deeper inspection ..read more

In Q3 2024 Law enforcement actions disrupted infrastructure and publicized the identity of several prolific ransomware threat actors ..read more

Unaffiliated ‘lone wolf’ threat actors carry out a greater share of attacks as they attempt to obfuscate their identity in Q2 2024 ..read more

Table of Contents Raas Groups Payment Rates Types of Ransomware Attack Vectors & TTPs Industries Impacted Following the FBI disruption of BlackCat ALPHV in Q4, a global Law Enforcement Agency (LEA) consortium also successfully disrupted the LockBit Ransomware-as-a-Service (RaaS) organization which included sanctions on two members of the LockBit organization. While neither of these operations have completely shuttered BlackCat or LockBit, the show of force by LEAs was effective in shaking the confidence of ransomware affiliates and RaaS developers. The actions demonstrated that threat acto ..read more

Table of Contents Ransomware Bans Payment Rates Types of Ransomware Attack Vectors & TTPs Industries Impacted As the year turns, and weary defenders begin to worry about what new threats will present themselves in 2024, the conversation of ransomware payment bans has resurfaced. This is not a new debate and resurfaces from time to time, so we decided to unpack this issue.  Why would a country consider a ban? The rational answer to this question is that a government would enact a ban because they truly believe the policy would minimize ransomware payments and compel cybercriminals to c ..read more

Table of Contents Scattered Spider Payment Rates Types of Ransomware Attack Vectors & TTPs In Q3 of 2023, several high profile attacks against the gaming industry and other large enterprises were carried out by “Scattered Spider”, aka UNC3944, aka Scatter Swine aka, Muddled Libra, aka Roasted 0ktapus aka possibly sometimes BlackCatALPHV or Rhysida, aka a group of globally distributed teenagers… Attribution is hard in this industry. While we are using a smidge of humor to draw attention to the dilemma, the reality is trying to fit these types of attacks into a perfect box for the sake of ap ..read more

Table of Contents Cyber Extortion Opportunity Cost Curve Types of Ransomware Attack Vectors & TTPs Industries Impacted In the second quarter of 2023, the percentage of ransomware attacks that resulted in the victim paying, fell to a record low of 34%. The trend represents the compounding effects that we have noted previously of companies continuing to invest in security, continuity assets, and incident response training. Despite these encouraging statistics, ransomware threat actors and the entire cyber extortion economy, continue to evolve their attack and extortion tactics. Understandin ..read more

Table of Contents Average Ransom Payment Types of Ransomware Attack Vectors & MITRE ATT&CK Tactics Industries Impacted Midway through Q1 the winds of progress shifted, and we observed a material increase in attacks on large enterprises that achieved levels of impact that we had not observed since before the Colonial Pipeline attack in May 2021. In 2019 and 2020 it was fairly common to see large enterprises become completely paralyzed by ransomware encryption. This evolved in the quarters that followed the Pipeline attack. We highlighted the key reasons for ransom payment contraction la ..read more

Table of Contents Average Ransom Payment Data Exfiltration Types of Ransomware Attack Vectors & MITRE ATT&CK Tactics Companies Targeted The cat and mouse game between ransomware affiliates and defenders spilled into new arenas of combat in Q2 of 2022. The looming question “What will happen once Conti disappears?” was answered rather quickly; nothing really changed except for name plates. The diaspora of Conti affiliates that was precipitated the Conti Leaks / Russian - Ukrainian invasion, were absorbed by existing and new Ransomware-as-a-Service (RaaS) groups such as Black Basta, Black ..read more