Top Ransomware Groups

Ransomware groups have evolved into complex entities, with structures comparable to real companies, some even having departments such as human resources. This article explores the major players in the ransomware world today, their methods of operation, and the challenges posed by these cybercriminals.

BlackBasta: A meteoric rise

BlackBasta, which emerged in early 2022, is believed to be a descendant of the notorious Conti group. Its notoriety quickly skyrocketed thanks to its aggressive double extortion tactics, which consisted of demanding a ransom for the decryption of data and another to avoid the disclosure of the stolen data. By 2022, the group had accumulated more than $107 million in Bitcoin. BlackBasta is a perfect example of the ability of these groups to generate immense revenues by exploiting vulnerabilities in companies’ information systems.

BlackCat (ALPHV): Innovator of triple extortion

BlackCat, also known as ALPHV or Noberus, appeared on the cybercrime scene in late 2021. Rising from the ashes of the DarkSide group, BlackCat was quickly associated with high-profile attacks, such as the one against Colonial Pipeline. The group is particularly feared for introducing a triple extortion strategy, adding the threat of DDoS attacks to the usual ransom demands. According to the FBI, BlackCat has struck more than 1,000 victims worldwide, demonstrating the effectiveness and reach of its ransomware-as-a-service (RaaS) business model.

Clop: A persistent threat

The Clop group, which has been active for several years, is known for its multi-layered attacks primarily targeting financial institutions and critical infrastructure. Recently, Clop exploited a zero-day vulnerability in the MOVEit Transfer file transfer tool, highlighting its ability to use sophisticated vulnerabilities to infiltrate corporate networks. The attack affected numerous organizations, including government entities. Clop continues to pose a significant threat in the cyber threat landscape.

LockBit: A major player in RaaS

Since its inception in 2019, LockBit has established itself as one of the most prolific ransomware groups, collecting over $120 million in ransoms. The group operates a RaaS model, providing its affiliates with advanced malware tools and infrastructure to carry out their attacks. However, in 2022, a joint operation by US and UK authorities dealt a major blow to LockBit, seizing several of its servers and indicting two of its members.

REvil: The Persistence of a Known Threat

Also known as Sodinokibi, REvil is another prominent example of the RaaS model. The group has gained notoriety by targeting high-profile companies, including Apple, and running a dark web marketplace where it threatens to publish stolen data. Despite international cooperation that led to REvil’s temporary shutdown in early 2022, the group’s influence and methods continue to inspire other cybercriminals.

Analyzing the activities of these ransomware groups reveals not only their ability to adapt and innovate in response to cybersecurity efforts, but also the persistent threat they pose to global information security. Businesses and governments must continue to strengthen their defenses and collaborate internationally to effectively counter these malicious cyber actors.

Article source: https://www.expressvpn.com/fr/blog/biggest-ransomware-syndicates-and-how-they-work/