KELA Cybercrime Intelligence Center
Ransomware groups continue to evolve and threaten organizations and companies around the world. While some gangs reduced their activity in Q2 2022 or shut down, new actors like Black Basta emerged and continued extorting money from businesses. Similarly to the ransomware attackers, there are actors mimicking their methods, such as stealing data and managing data leak sites, but not using actual encrypting software in their attacks.
Ransomware and data leak sites operators are constantly using the growing cybercrime ecosystem to ease the reconnaissance and initial compromise phases, constantly relying on other cybercriminals, including Initial Access Brokers (IABs). These actors, selling remote access to corporate networks, are an important part of the ransomware supply chain, therefore monitoring network access suppliers leads to better understanding of the ransomware-as-a-service (RaaS) ecosystem.
The report is based on KELA’s monitoring of ransomware gangs and initial access brokers’ activity in Q2.