Lockbit, Conti, and Blackcat: still crazy after all these years.
Most prolific ransomware groups described.
Searchlight Security has published a report outlining three of the most notorious ransomware groups of 2022: Lockbit, Conti, and Blackcat.
Ransomware-as-a-service offerings in 2022.
All three of these ransomware strains operate under a ransomware-as-a-service (RaaS) model. Conti was the most prolific gang until it shuttered its operations in June 2022. Its operators are likely still actively working for other groups, however. The researchers note that it’s “strongly suspected that group members joined other RaaS operations such as BlackBasta and BlackByte, or refocused their efforts into groups thought to be subsidiaries of the primary Conti operation, such as Karakurt.”
Lockbit filled the void left by Conti’s closure, and now accounts for one-third of all ransomware attacks observed by Searchlight. Lockbit operators are known for their dual extortion tactics, offering victims options for how to deal with the stolen data:
“On its latest leak site, LockBit 3.0, there are options on some victims’ listings to either extend the countdown timer by 24 hours, ‘destroy’ the stolen data, or download the stolen data, for varying price points.”
Finally, Blackcat (also known as ALPHV or Noberus) likewise conducts dual extortion attacks, placing its victims’ data into a database that’s accessible to cybercriminals:
“[T]he general collection is a searchable database of leaked data from victims who don’t pay their ransom, optimized to make it easier for cybercriminals to find a particular company’s stolen files. At one point, this collection was even available on the clear web, leaving BlackCat’s victims even more exposed.”
Rising threats for 2023.
Searchlight highlights the ViceSociety, AvosLocker, and Hive ransomware gangs as threats to watch going into 2023. ViceSociety is a dual extortion racket that targets the education sector. AvosLocker and Hive are RaaS offerings, and Hive is designed to be easily operated by inexperienced actors.