July 22, 2024 at 12:42PM
A recent Europol report highlights the fragmentation of the ransomware threat landscape following the disruption of RaaS groups. This has led to challenges in attribution and increased independence among cybercriminals. Affiliates are now developing their own payloads, while the focus has shifted to targeting small and medium-sized businesses. The report emphasizes the importance of maintaining up-to-date backups.
Key takeaways:
– Recent disruption of ransomware-as-a-service (RaaS) groups has led to fragmentation in the threat landscape, making it more challenging to track cybercriminal activities and reorganizations.
– Affiliates of disrupted RaaS gangs are increasingly looking to develop their own payloads and work independently using stolen, modified tools.
– There has been a decrease in the number of active RaaS leak sites since January 2024, suggesting the industry has been disrupted but actors have settled down behind a smaller number of perceived safe brands.
– Top affiliates at RaaS gangs are seeking to go solo and develop their own tools to reduce reliance on big players, leading to a shift towards independent operations.
– The trend of lone actors in the ransomware scene is difficult to quantify, but there are notable examples supporting the idea of an increase in independent cybercriminals operating without leak sites or infrastructure.
– Ransomware gangs have shifted their attention back to targeting small and medium-sized businesses, reflecting a trend of going after the weakest defenses for easier compromise and potential pay-outs.
– Extortion tactics using multi-layered methods remain a common route for negotiating ransom payments, emphasizing the importance of maintaining up-to-date backups to mitigate the impact of potential data leaks.