Only two groups are behind most ransomware attacks

More than half of all attacks ransomwarea reported during the first three months of this year are the work of only two groups.

Researchers from the firm Digital Shadows analyzed ransomware attacks recorded between January and March 2022. LockBit and Conti were the two most active ransomware gangs during the first three months of this year, responsible for 58% of all incidents.

LockBit is by far the most successful group responsible for 38% of ransomware attacks. That is almost twice as many as the number of recorded attacks by the Conti group, which is behind 20% of attacks in the same period.

Both groups steal data from victims, threatening to publish it if the ransom is not paid. According to Digital Shadows, LockBit released information on over 200 victims during the first quarter of this year, the most data leak so far.

In addition to these two gangs, the groups Hive, Vice Society, Blackbite and others had a significant share in the ransomware attacks.

Ransomware Conti remained a major threat, despite public disclosure when a member of the group, of Ukrainian origin, published correspondence with malware in Februaryafter the group issued a message of support for the Russian invasion of Ukraine. Although the betrayal may have affected the group, Conti continued with attacks and extortion with the same intensity. However, experts believe that the data leak is a strong blow to the group’s reputation and that it can affect its ability to attract new branches in the long run and its ability to grow.

One group seems to have disappeared from the scene. PYSA, which was the third most active ransomware group during the last three months of 2021, has disappeared from the radar. Next to her, another previously very successful ransomware group, Revil, also ceased operations late last year.

Digital Shadows has also noticed the emergence of new groups since the beginning of 2022, and among them are Stormous, Night Sky, Zeon, Pandora, Sugar and x001xs. It is likely that cybercriminals involved in groups that have been shut down will simply find a new job with other ransomware gangs.

With new groups emerging at a similar rate as extinct groups, ransomware is likely to remain one of the biggest threats in the future.

Source: by

*The article has been translated based on the content of by If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!