"Ransomware Groups Launch Surgical Attacks Due to Law Enforcement Action"

Multiple law enforcement actions led to arrests and the shutdown of some ransomware activities in 2021, thus driving threat actors to reduce their targeting scope and increase efforts towards maximizing the effectiveness of their operations. Although significant members of Ransomware-as-a-Service (RaaS) gangs have been imprisoned, the most infamous RaaS gangs are still operating and evolving to achieve maximum damage. Findings from Coveware's analysis of ransomware negotiation data gathered in the fourth quarter of 2021 reveal that ransomware groups are now demanding larger ransomware payments instead of increasing the volume of their operations. The average ransom payment in Q4 2021 was $322,168, which is a 130 percent increase from the previous quarter. Disrupting the operations of large companies has resulted in investigations and global political issues. Therefore, cybercriminals are trying to find a balance by targeting companies that are big enough to obtain significant financial gain but not so large or important that they will cause more geopolitical problems. Threat actors have mainly targeted mid-sized businesses as companies with over 50,000 employees had fewer incidents. In addition, Conti V2 was the most common ransomware variant in Q4 2021, making up for 19.4 percent of all detections, followed by LockBit 2.0 with 16.3 percent and Hive with 9.2 percent. This article continues to discuss key findings regarding ransomware groups in Q4 2021.  

CyberIntelMag reports "Ransomware Groups Launch Surgical Attacks Due to Law Enforcement Action"