The Information Technology – Information Sharing and Analysis Center (IT-ISAC) recently released a ransomware report titled Exploring the Depths: An analysis of the 2023 Ransomware Landscape and Insights for 2024 (see attached). The report uses data drawn from open-source sites, the dark web, member input, and information shared between National Council of ISAC members. The IT-ISAC tracked 18 new ransomware groups in 2023 and highlights how new ransomware strains continue to emerge despite recent law enforcement efforts.
Key takeaways from the report include:
- Ransomware-as-a-Service (RaaS) operations have made the barrier to entry significantly easier for less sophisticated individuals or groups to get involved.
- Despite the availability of ransomware packages available for nearly anyone to get involved, the methods used by threat actors to gain initial access, known as initial access brokers (IABs), have become more sophisticated. They are increasingly leveraging zero-day vulnerabilities and employing custom tooling.
- Data extortion schemes are on the rise with ransomware groups skipping the encryption process altogether.
- Threat actors are using programming languages like Rust to develop their encryptors, increasing the scope for potential victims beyond Windows users.
- Third-party vendors are continuing to be targeted by ransomware actors for initial access.
- A notable trend has been observed of ransomware actors abusing remote management tools and legitimate software to gain initial access and evade detection.
With a perspective focused on critical infrastructure, IT-ISAC includes insightful statistics into how ransomware is targeting various critical infrastructure sectors and highlights the most active ransomware groups (LockBit 3.0 and ALPHV/BlackCat). The report also includes general ransomware mitigation recommendations applicable to all critical infrastructure entities. Access the full report attached below.