Researchers say that while ransomware attack volumes are dropping, shifts in gang activities have pivoted more attacks than ever to the finance sector.
On Monday, cybersecurity firm KELA published its Ransomware victims and network access sales report (PDF), suggesting that the number of significant ransomware victims dropped by approximately 40%, recorded as 698 in Q1 compared to Q4 2021’s 982.
On average, the company recorded 232 ransomware attacks per month during this time period.
A notable shift is Conti’s place as one of the most prolific ransomware groups, alongside LockBit, Hive, Alphv/Blackcat, and Karakurt.
There’s no honor among thieves when it comes to Conti. The ransomware gang will just as easily target a hospital as a business, encrypting systems and demanding a hefty blackmail payment in return for a decryption key.
During the first few months of this year, Conti publicly pledged its support for Russia’s invasion of Ukraine. Following the Russian-speaking group’s declaration, in retaliation, an individual broke into its systems and leaked Conti’s malware code and internal chat logs – a treasure trove for researchers and defenders alike.
While security teams were able to use the leaks to improve their understanding of the ransomware gang’s operations, it also impacted Conti’s place in the pecking order.
According to KELA, Conti has been booted from