ShadowSyndicate, the latest group to join the ransomware party, is giving us a masterclass in teamwork. They’ve been linked to not one, not two, but seven different ransomware families in the past year. If only they’d use their powers for good, they could probably solve world hunger or something. On a more serious note, this group is a potent reminder that the ever-evolving threat landscape demands relentless vigilance. Let’s not forget the German law enforcement authorities making moves against the DoppelPaymer ransomware group. This cybercrime drama is getting spicier by the day.
- ShadowSyndicate, a new cybercrime group, has been leveraging seven ransomware families over the past year.
- Active since July 16, 2022, this actor has been linked to ransomware activity related to Quantum, Nokoyawa, BlackCat, Royal, Cl0p, Cactus, and Play strains.
- A distinct SSH fingerprint was discovered on 85 servers, 52 of which have been used as command-and-control (C2) for Cobalt Strike.
- German law enforcement authorities have executed search warrants against actors associated with the DoppelPaymer ransomware group.
- Ransomware groups are continuously developing new methods to improve their ability to financially extort victims, putting 2023 on track to be the second most profitable year for them, behind only 2021.
Need to know more?
ShadowSyndicate: The New Kids on the Block
Move over, boy bands. ShadowSyndicate, the new threat actor in town, has been working with various ransomware groups and affiliates. They've been linked to seven different ransomware families within a year. Talk about being ambitious! They've even been using off-the-shelf post-exploitation tools like Cobalt Strike and Sliver as well as loaders such as IcedID and Matanbuchus.
Not all Heroes Wear Capes
German law enforcement authorities are stepping up their game, targeting actors associated with the DoppelPaymer ransomware group. Two suspects, a 44-year-old Ukrainian and a 45-year-old German national, are alleged to have held key roles within the network. Their names have not been disclosed, but let's just call them Cybercrime Bonnie and Clyde.
Ransomware: The Gift that Keeps on Giving
The U.S. Department of Homeland Security (DHS) warns that ransomware groups are continuously developing new methods to improve their ability to financially extort victims. In fact, 2023 is shaping up to be the second most profitable year for these cybercriminals, only surpassed by 2021. They've upped their game with multilevel extortion: threatening to publicly release stolen data, launch DDoS attacks, or harass the victim's customers, all to coerce the victim to pay.
Insurance Claims Spike, Along with Our Blood Pressure
The resurgence of ransomware attacks has resulted in a spike in cyber insurance claims. Overall claims frequency has increased by 12% in the first half of the year in the U.S., with victims reporting an average loss amount of over $365,000. Businesses with more than $100 million in revenue saw the largest increase in frequency. It's clear that no one is safe from these cyber onslaughts.
BlackCat, Cl0p, and LockBit: The Unholy Trinity
The threat landscape continues to evolve, with BlackCat, Cl0p, and LockBit remaining some of the most prolific and evolutionary ransomware families. They primarily target small and large enterprises spanning the banking, retail, and transportation sectors. Meanwhile, the number of active ransomware-as-a-service (RaaS) and RaaS-related groups has grown by 11.3% in 2023, rising from 39 to 45. Clearly, ransomware is the bad gift that just keeps on giving.