Saturday, December 30, 2023

2023 Record Ransomware Group Totals and Who to Watch in 2024

New Groups to Look Out for in 2024

By Dominic Alvieri
December 31st, 2023

2023 Ransomware group totals

By all accounts it has been another record year for ransomware across the board. Hospitals, schools, large cities and small towns. With one day left in 2023, here are the unofficial top 5 ransomware groups by victims posted in 2023, by my count. These are only the number of victims posted that we know of.

Both LockBit and Black Cat have posted new victims while I have been typing this blog, so these numbers are fairly accurate:

LockBit 1031
ALPHV BlackCat 432
Clop Ransomware 388
Play Ransomware 314
BianLian 255

Other notable rising posters in the top 10 include Akira and Medusa Team.

Where are they now?

Hive Ransomware

Hunters International
Hive Ransomware was one of the 3 ransomware group disruptions in 2023. There were no arrests.

ALPHV Black Cat holiday seizure c/o Brian Krebs article.

Hive Ransomware was the first ransomware group disruption in January of 2023. New self-proclaimed ransomware and data extortion group Hunters International is using a close match to a Hive strain, so much so that the group even posted a rebuttal on their leak site blog denying the accusation.

Hunters have already emailed extortion threats to hospital cancer patients in December of 2023. 

Enough said.



BlackByte has been offline for over 2 months now, with only a brief showing of their new white colored logo before they disappeared again. BlackByte has been creating custom tools like their ExByte data exfiltrator and branded logos like the ones pictured above.

If BlackByte is not running from the law, they should be back menacing companies.

Royal Ransomware

Royal ransomware on the run.

Royal Black Suit

In a wildly unpopular blog that I rewrote several times and have been unable to publish here for some reason, Royal Ransomware is on the run and has rebranded to Black Suit. Their binaries have matched when compared, and Royal has taken down their old leak site for the better part of the end of the year.

Royal has also recently taken down their victim portal and has started to post more frequently on their Black Suit leak site. Hence the name I have given them: Royal Black Suit.

Vice Society

One of my favorite logos and most hated groups has been Vice Society. Vice has not posted for over 3 months now, with their main leak site down for a majority of that duration. Vice Society pulled down all of their backup leak sites right before the ALPHV BlackCat Ransomware leak site seizure.

There have been some rumors and talk of Vice Society rebranding, and they do resemble a new group, which I will release in more detail early in 2024.


NoEscape, formerly Avaddon, has pulled an exit scam.

Groups to Watch for in 2024

In no particular order, here are some of the new groups that have created a stir and that defenders should be aware of. More detailed profiles along with TTPs will be out early in 2024.

Akira Ransomware, Hunters International, Cactus & Rhysida.
