At a glance.
- A who's-who of ransomware groups.
- When it comes to consumer trust, GDPR might be a Catch-22.
A who’s-who of ransomware groups.
US software company DomainTools has issued its annual report on the most prominent ransomware families, and that report indicates significant changes to the ransomware landscape in the past twelve months. External forces like Russia’s invasion of Ukraine last year saw cyber gangs rebranding to avoid sanctions. The infamous Conti ransomware group voiced pro-Russia sentiments shortly after the invasion (which the group attempted to walk back days later), and a whistleblower leaked details about the group’s operations, which eventually led Conti to shut down. Since then, elements of the old group have sprung up under new names like Royal, Black Basta, Karakurt, and Quantum. Royal and Black Basta are now among the top five ransomware groups by victimology, beaten only by heavy-hitters LockBit 3.0, AlphVM, and CLOP. The most targeted sector is construction, followed by healthcare, which has seen a major surge in attacks impacting a greater number of individuals. World governments have increased their efforts to disrupt the business operations of ransomware groups by shutting down cryptocurrency exchanges and sanctioning individuals tied to ransomware families like Trickbot. Coupled with arrests of prominent group members, law enforcement operations have had an impact on how ransomware groups operate. Ransomware payments also took a steep drop, influenced by victims’ ability to restore their systems from backups and by the refusal of cyber insurance companies to accept claims connected to ransomware attacks. That said, attackers are focusing more attacks on healthcare, higher ed, and local governments, sectors that hold sensitive personal data and are more likely to pay up in order to avoid disruption of services.
When it comes to consumer trust, GDPR might be a Catch-22.
Crossing the pond, new research from UK software company Macro 4 indicates that two-thirds of IT leaders feel the EU’s General Data Protection Regulation (GDPR) has eroded customer trust in organizations. While the GDPR was intended to make businesses more trustworthy by increasing transparency, the one hundred IT leaders surveyed by Macro 4 say it somehow had the opposite effect, making consumers more aware of the importance of protecting their data and less trusting of the organizations that handle it. Jim Allum, Director, Commercial and Technical at Macro 4, told Infosecurity Magazine, “Most IT leaders seem to feel that the regulation has made people more suspicious about how their data is being used. This is possibly because people are better informed now about how their data could be compromised or misused.” Consumer worries have no doubt been further fed by headline-making data breaches and noncompliance fines handed out to household brands (most recently, Meta) found in violation of the GDPR. It’s also worth noting that 86% of respondents to the survey say they feel the GDPR must be updated to better address emerging advances in AI tech like ChatGPT. On a positive note, 72% of those surveyed said the recent increase in hybrid working, and the resultant increase in company or personal data being handled outside the office, has led their companies to invest more time and funding to ensure compliance with the GDPR.