A recent Kaspersky survey states that only eight ransomware groups can be held responsible for attacks on more than 500 companies worldwide. Not only that, the attacks followed the same method, demonstrating the “standardization” of ransomware as a service.
The groups examined were Confi/Ryuk, Pysa, Clop (TA505), Hive, Lockbit2.0, RagnarLocker, BlackByte, and BlackCat. They mainly operate in the US, UK and Germany and have managed to hit the mark of over 500 companies hacked between March 2021 and March 2022.
According to Kaspersky, attacks between different groups are becoming similar due to the rise of the ransomware-as-a-service (RaaS) concept. commit to its services.
A deep dive into the most common # ransomware groups, their TTPs and ransomware #IT world.
https://t.co/FZbeQOZWL2— Kaspersky (@kaspersky) 23 June 2022
As the recruiter usually has less technical knowledge, attack methods have been simplified and standardized, making everyone very similar. In addition, old tools are used to make life easier for those who paid the price of the attack.
Standardizing attacks and using legacy tools should help companies protect themselves against ransomware, but the problem of typically neglecting to install software updates and patches continues to leave these computers vulnerable to known attacks.
Source: Tec Mundo
