WithSecure finds new ransomware groups cause attack surge

Ransomware attacks continue to surge in 2023, as WithSecure finds that many of these criminal groups are new actors following already-established playbooks

A new report by WithSecure reveals a rapid increase in multi-point extortion ransomware attacks in 2023.

The company has uncovered that new ‘threat actor’ groups are helping to drive a surge in attacks, with new operators accounting for a quarter of all data leaked from ransomware attacks so far this year.

New groups have been found to largely follow established playbooks that often have lineage from older operations. Given that data leaks from ransomware attacks have effectively doubled in the first three quarters of 2023, the WithSecure report highlights a need for businesses and private users to protect themselves. 

Ransomware gangs ramp up activity, with LockBit leading charge

Ransomware, a type of malicious software that steals control of machines or data, has become a massive source of revenue for cybercriminals at the expense of people, organisations and governments. 

Whilst new groups largely follow playbooks established by existing operators, they also play a key role in sustaining the number of ransomware attacks facing organisations. Ransomware has been a security issue for many years, in part because criminal groups are able to reinvent themselves.

According to WithSecure’s research, the number of new multi-point extortion ransomware groups surged during the first three quarters of 2023. Notably, LockBit is currently leading in the amount of leaked data (21%), while the top five groups accounted for more than 50% of total leaks.


The research states that the five criminal groups with the most leaks are 8Base, Alphv/BlackCat, Cl0p, Play and LockBit. Approximately 25% of data leaks included in the research were from ransomware groups that only began operating in 2023, highlighting that new groups are a clear concern.

Out of the 60 multi-point extortion ransomware gangs whose activities WithSecure has tracked during the first nine months of 2023, 29 are new. 

New cybercriminals with ‘clear lineage’ in older operations

Over the past few years, cyber gangs have gained notoriety by using multi-point extortion ransomware attacks, which involve using several methods to pressure victims into paying a ransom to regain control of their data. WithSecure states that these groups will often encrypt data and steal it to publish online unless they are paid.

WithSecure Threat Intelligence Analyst Ziggy Davies says: “Code and other aspects of one particular cyber crime operation end up getting used elsewhere because groups and their members often recycle the same resources when they change who they work for or with. Many of the new groups we’ve seen this year have clear lineage in older ransomware operations.”

While cyber criminals look to be more interested in ransomware than ever before, the degree to which these groups recycle each other’s playbooks does provide defenders with some advantages.

Davies continues: “Ransomware remains an effective moneymaker for cyber criminals, so they’ll mostly stick to the same basic playbook rather than come up with anything really new or unexpected. This makes them pretty predictable, which is good for defenders because they know what they’re up against.”

