Ransomware Awareness – Ransomware Source Code Leaks Leading to Proliferation of High Quality Ransomware Variants

Created: Tuesday, August 8, 2023 - 13:20

Talos has written a blog discussing ransomware code leaks and how they impact the threat landscape by making it easier for new threat actors to quickly build their own malware variants to deploy against potential victims.

Threat actors have been observed posting the source code for major ransomware families online since 2021, for a variety of reasons ranging from internal conflict within a criminal group to accidental exposure. Regardless of the cause, the availability and diversity of source code from successful ransomware families, which are complex and require skilled expertise to create, lowers the bar for threat actors with minimal coding experience to deploy their own tweaked versions. Not only does this make it more difficult for network defenders to identify the threat actor behind an attack, but it has also created a threat environment where the number of ransomware variants is exploding. While the groups behind these variants typically ask for lower ransoms than the bigger groups, members are still urged to remain vigilant. Information sharing is especially powerful against a threat like this, as network defenders affected by variants can more easily compare code and share mitigation techniques. Read more at Talos.