In Q1 2022, ransomware gangs maintained their status as a major and central threat. They collaborated with various cybercriminals, such as initial access brokers (IABs), and aimed to conduct attacks against corporations worldwide. The following insights are drawn from KELA’s monitoring of ransomware gangs and initial access brokers’ activity in Q1:
The total number of ransomware victims (698) dropped by 40% in Q1 of 2022 compared to Q4 2021 (982), with LockBit replacing Conti as the most active gang since the beginning of the year. The number of attacks launched by the Conti gang dropped in January 2022 and increased following the leak of Conti’s internal data.
•The finance sector made it to the top five targeted sectors with 46 attacks.40% of the attacks were associated with LockBit gang.•Ransomware gangs were seen using a relatively new intimidating method which includes publishing a victim without its name.
•The number of network access listings on sale slightly increased compared to Q4 2021. KELA traced over 521 offers for sale with the cumulative price requested for all accesses surpassing $1.1 million, while in Q4 2021 KELAmonitored 468 access networks for sale.
•The average sales cycle for network access is 1.75 days.
KELA was able to identify more than 150 network access victims and then link some of them to ransomware attacks carried out by BlackByte, Quantum, and Alphv. The network accesses were most likely bought by ransomware affiliates.