One Article Review

Source Kovrr
Identifier 8393595
Publication date 2023-07-13 00:00:00 (seen: 2023-10-10 07:25:34)
Title The Ransomware Threat Landscape H1-23. This report provides a comprehensive analysis of all known ransomware attacks that were reported during the first two quarters of 2023.
Text

Introduction

In this comprehensive report, Kovrr collected and analyzed data on all known ransomware attacks reported during the first two quarters of 2023. The data was collected from multiple sources, all aggregated and updated regularly in Kovrr’s Threat Intelligence Database. The database includes data on many different types of cyber incidents, but this report covers only ransomware attacks and excludes every other type of attack. The ransomware groups covered in this report all operate as RaaS (Ransomware as a Service), a business model in which the ransomware binary and operation are sold or leased to operators, called affiliates. This means that a ransomware operation is composed of many different individuals with separate roles, and the extortion profits are divided between them. Some individuals are responsible for initial access to the targets, others for lateral movement to interesting and profitable areas in the victim network, others for the ransomware infection itself, and others for negotiating with the victim after infection.

Summary

These are the main insights from the collected data:

The number of attacks dropped 32% in H1-23 compared to H2-22. It is important to note that this drop can also be due to delayed reporting of cyber incidents by attacked companies.

The top ten most active groups observed during the first half of 2023 are AvosLocker, Bianlian, BlackBasta, BlackCat, Clop, Lockbit 3.0, MedusaLocker, Play, Royal, and ViceSociety. All 10 actors accounted for 87% of attacks during this period, while the top 3 groups (Lockbit 3.0, BlackCat, and Clop) accounted for 53% of all claimed attacks during this period.

The average lifespan of a ransomware group is 262 days, while the median is 167 days. In an average month, 18.3 different ransomware groups are active.

The most targeted industry is the Services industry, while companies with a revenue of $10M-$50M are the most common targets.

Data Collection Methods and Possible Biases

The data for this research was collected from Kovrr’s Threat Intelligence Database, which collects data from multiple sources and includes information on different types of cyber incidents. Specifically for this report, data was collected mainly from ransomware leak sites, public filings of attacked companies, and news reports on ransomware attacks. The data from ransomware leak sites was collected mainly from Double Extortion (https://doubleextortion.com), a data source providing up-to-date information from ransomware leak sites. The rest of the data was collected using proprietary sources and methods. This data was then combined with additional sources to collect company business information and is limited to ransomware attacks that occurred and were reported in the first two quarters of 2023, between January 1st 2023 and June 31st 2023.

There are several possible biases in the data that may affect the results presented in the report. Data collection for this research relied either on a company filing a notification of a ransomware attack, or on a ransomware group uploading information about a victim. Therefore, if a company decided not to file a notice of a ransomware attack, for example because it was not legally required to do so, it will not be included in our data. This means that companies located in countries that require data breach notifications, such as companies in the United States or the European Union, are expected to have a higher representation in our data. This is also true for companies in more regulated industries, such as healthcare. Regarding data retrieved from ransom group sites, there may be cases where an attacker did not upload data on the attack victim, because the victim paid the ransom or for other reasons. This means that some victims that quickly paid ransoms following an attack might not appear in our data. Additionally, we have previously researched
Sent Yes
Tags Ransomware Data Breach Vulnerability Threat Cloud
Stories APT 17
Rating ★★★
The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to an earlier one.