WithSecure finds new ransomware groups cause attack surge

Ransomware attacks continue to surge in 2023, as WithSecure finds that many of these criminal groups are new actors following already-established playbooks

A new report by WithSecure reveals a rapid increase in multi-point extortion ransomware attacks in 2023.

The company has uncovered that new ‘threat actor’ groups are helping to drive a surge in attacks, with new operators accounting for a quarter of all data leaked from ransomware attacks so far this year.

New groups have been found to largely follow established playbooks that often have lineage from older operations. Given that data leaks from ransomware attacks have effectively doubled in the first three quarters of 2023, the WithSecure report highlights a need for businesses and private users to protect themselves. 

Ransomware gangs ramp up activity, with Lockbit leading charge

Ransomware, a type of malicious software that steals control of machines or data, has become a massive source of revenue for cybercriminals at the expense of people, organisations and governments. 

Whilst new groups largely follow playbooks established by existing operators, they also play a key role in sustaining the amount of ransomware attacks facing organisations. Ransomware has been a security issue for many years in part due to criminal groups being able to reinvent themselves.

According to WithSecure’s research, the number of new multi-point extortion ransomware groups surged during the first three quarters of 2023. Notably, Lockbit is currently leading in the amount of leaked data (21%), while the top five groups accounted for more than 50% of total leaks.

Image source: WithSecure report

Research states that the five criminal groups with the most leaks are: 8Base, Alphy/BlackCat, Cl0p, Play and Lockbit. Approximately 25% of data leaks included in the research were from ransomware groups that only began operating in 2023 - highlighting that new groups are a clear concern.

Out of the 60 multi-point extortion ransomware gangs whose activities WithSecure has tracked during the first nine months of 2023, 29 are new. 

New cybercriminals with ‘clear lineage’ in older operations

Over the past few years, cyber gangs have gained notoriety by using multi-point extortion ransomware attacks, which involves using several methods to pressure victims into paying a ransom to regain control of their data. WithSecure states that these groups will often encrypt data and steal it to publish online unless they are paid.

WithSecure Threat Intelligence Analyst Ziggy Davies says: “Code and other aspects of one particular cyber crime operation end up getting used elsewhere because groups and their members often recycle the same resources when they change who they work for or with. Many of the new groups we’ve seen this year have clear lineage in older ransomware operations.”

While cyber criminals look to be more interested in ransomware than ever before, the degree to which these groups recycle each other’s playbooks does provide defenders with some advantages.

Davies continues: “Ransomware remains an effective moneymaker for cyber criminals, so they’ll mostly stick to the same basic playbook rather than come up with anything really new or unexpected. This makes them pretty predictable, which is good for defenders because they know what they’re up against.”


For more insights into the world of Cyber - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - Technology Magazine | AI Magazine.

Please also check out our upcoming event - Net Zero LIVE on 6 and 7 March 2024.  


BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.

BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.


Featured Articles

Arctic Wolf: BEC Now Top Method of Cyber Attack on Business

A new study has revealed that Business Email Compromise attacks are now the primary method used by cybercriminals to target organisations.

BlueVoyant's Tom Moore Talks Legal Procedure Following Hack

BlueVoyant's Tom Moore explains how companies should act with legal council following a cyber attack

GDPR: Studying the World's Strictest Security Law 6 Years On

We take a look at the history, impact, and future of GDPR to see how it has effected the cyber sphere six years after its enactment

Banking Titan Baird Gives 9 Pointers for Cyber Investors

Cyber Security

OpenText's Pillr Buy Show Acquisitions Still in its Strategy

Cyber Security

Zoom Prepares for Quantum World with Post-Quantum Encryption

Cyber Security