Despite the fact that REvil and other well-known ransomware gangs were shut down this year, the cybercriminals who created them have continued to evolve and succeed with new cross-platform capabilities, improved business methods, and more.
Ransomware operations have evolved over the last few years from covert and amateurish beginnings to full-fledged companies with different brands and designs that compete on the dark web.
To increase awareness ahead of Anti-Ransomware Day, Kaspersky Lab has released new research showcasing some of the ransomware trends seen so far this year.
The first noteworthy trend is ransomware groups’ extensive use of cross-platform capabilities, which allows them to infect as many devices as possible with the same malware by building code that can run on many platforms simultaneously.
Conti has been one of the more active organisations this year, and it has produced a ransomware strain that can be delivered through certain affiliates and targets both Linux and Windows workstations.
At the same time, ransomware gangs have continued their efforts to streamline their operations. Rebranding is one of these actions, as is updating exfiltration tools to divert law enforcement’s attention.
Meanwhile, some groups have created and implemented their own bespoke and comprehensive toolkits that resemble those released by genuine software firms.
The Lockbit ransomware group stands out in this regard, as it releases regular toolkit upgrades and frequently maintains its infrastructure.