"Ransomware Ecosystem Becoming More Diverse for 2023"

In 2022, the ransomware ecosystem shifted, with attackers transitioning from large groups that once dominated the threat landscape to smaller Ransomware-as-a-Service (RaaS) operations for greater flexibility and less attention from law enforcement. This democratization of ransomware is bad news for companies since it has led to increased diversity in tactics, methods, and procedures (TTPs), more indicators of compromise (IOCs) to monitor, and more challenges to overcome when negotiating or paying ransoms. The DarkSide attack on Colonial Pipeline in 2021, which resulted in a major disruption of fuel supply along the US East Coast, highlighted the risk that ransomware attacks pose to critical infrastructure. This incident increased efforts by the highest levels of government to combat this threat. This boosted attention from law enforcement prompted the operators of underground cybercrime forums to reassess their ties with ransomware groups, with some forums prohibiting the promotion of such threats. DarkSide discontinued operations shortly thereafter, followed by REvil, also known as Sodinokibi. Russia's invasion of Ukraine in February 2022 strained the relationships of numerous ransomware groups with members and affiliates in both Russia and Ukraine, as well as other former Union of Soviet Socialist Republics (USSR) nations. This article continues to discuss the future of the ransomware ecosystem. The top active ransomware gangs to watch in 2023 include LockBit, Hive, Black Basta, Royal, and Vice Society. 

CSO Online reports "Ransomware Ecosystem Becoming More Diverse for 2023"