Slices of the Ransomware Pie: Two Names Dominate the Illegal Game

The global ransomware landscape is the subject of periodic reviews by the infosec community. In one recent review, security firm Digital Shadows published findings that help build the bigger picture of ransomware.

Two names dominate the ransomware scene in Q1 2022

The research team examined the first quarter of 2022. Within the first three months of the year, just two ransomware names accounted for the majority of attacks and ransomware infections. The dominant strains are the same two you keep seeing all over the news if you follow the infosec landscape in general: LockBit and Conti. The two ransomware outfits operating LockBit 2.0 and Conti alone were responsible for nearly 60% of all ransomware-related incidents for the quarter.

The criminal pie is not split equally between the two gangs either. LockBit 2.0 was used in 38% of ransomware attacks for the period, with the Conti gang responsible for about half of that share, at 20%.

Another curious statistic published by Digital Shadows is the number of exfiltrated data dumps that were leaked online. The LockBit gang alone leaked a record 200 data sets belonging to 200 different victims over just the first three months of 2022.

Leaking potentially sensitive information online has become a common trick in the repertoire of ransomware threat actors. It is a simple but often surprisingly effective method of putting additional pressure on the victim to pay. Of course, not all information is worth the amount of money the hackers might ask, which is also why so many leaks crop up when victims refuse to play along and pay.

Conti shaken but not out of the picture

The Conti group was a little shaken up by the tremors that followed the gang's pro-Russian proclamation. A lot of internal Conti correspondence, chats, workflow, and organizational information was published online through the ContiLeaks Twitter account. Researchers don't believe that the leaks will have a big enough impact on the gang's operations to take it out of commission entirely.

Of course, new names keep cropping up among ransomware outfits. For the first three months of 2022, Digital Shadows logged six separate new threat actors, including names such as Pandora, Night Sky, and x001xs.

April 15, 2022