According to a new report, the LockBit ransomware group, with its LockBit 3.0 encryption tool, was the most notorious and most destructive organization in the cybercrime community last year.
Trustwave’s ‘Review of the Year’ Says LockBit 3.0 Retains Ransomware’s Most Infamous Status (opens in a new tab) player due to the high payments that recruit experienced malicious actors, the constant buying of new exploits, and the bug bounty program that offers high rewards, which is allegedly a first for the ransomware group.
“With all these programs and the continued effectiveness of the group, (LockBit) is projected to remain the most active and successful group for the foreseeable future,” says Trustwave.
New versions of ransomware
In 2022, the group also released LockBit 3.0, the latest version of its ransomware, which included a number of new features, such as automatic elevation of privileges, disabling Windows Defender, “safe mode” to bypass antivirus solutions, and a multiple encryption system that reduces the chances of a website the third will provide a working decryptor.
As a result, researchers claim that nearly half (44%) of all successful ransomware attacks last year were carried out using LockBit.
Other large groups wreaking havoc on the cyber world in 2022 include BlackBasta (whose researchers suspect strong ties to former leader Conti), Hive (whose partnership model earned it the title of “the most impressive ransomware operator”) and BlackCat (AKA ALPHV ).
Roughly one-tenth (9%) of all ransomware attacks reported in Q3 2022 were allegedly carried out using Hive, with an additional 6.5% due to BlackCat.
Moving on, researchers don’t think ransomware will go away any time soon. The average attack cost ranged from $570,000 to $812,360 per Cloudally data, making it one of the most lucrative and therefore most popular attack vectors.