OpenText announced the Nastiest Malware of 2023, an annual ranking of the
year's biggest malware threats. For six consecutive years OpenText
Cybersecurity threat intelligence experts have analyzed the threat landscape to determine the most notorious malware trends. Ransomware
has been rapidly ascending the ranks, with ransomware-as-a-service
(RaaS) now the weapon of choice for cybercriminals.
This year four new ransomware gangs, believed to be the next generation of
previous big players, topped the list. Newcomer Cl0p takes the prize for
this year's nastiest malware after commanding exorbitant ransom demands
with its MOVEit campaign. Cl0p's efforts helped skyrocket the average
ransom payment, which is rapidly approaching three quarters of a million
dollars. Black Cat, Akira, Royal, and Black Basta also made their debut,
joined by the ever-present Lockbit.
"A key finding this year is the RaaS business model is another win for the
bad guys. Profit sharing and risk mitigation are top contributors to
RaaS success along with the ability to easily evade authorities," said
Muhi Majzoub, EVP and Chief Product Officer, OpenText. "There is a
silver lining as research shows only 29% of businesses pay ransom, an
all-time low. These numbers indicate people are taking threats seriously
and investing in security to be in a position where they do not need to
pay ransom."
This year's list highlights the tenacity of cybercriminals as they continue
to reinvent themselves, coming back stronger each time (often with new
names). Their scrappy mentality allows them to go beyond the norm to
find new ways to invade their target.
2023 Nastiest Malware
- Cl0p, a RaaS platform, became famous following a series of cyberattacks
that exploited a zero-day vulnerability in the MOVEit Transfer file software
developed by Progress Software. MOVEit victims include such notable
organizations as Shell, BBC, and the United States Department of Energy.
- Black Cat, recognized in our 2021 Nastiest Malware report and believed to
be the successor to the REvil ransomware group, has built its RaaS platform
on the Rust programming language. The group made headlines for taking down
MGM Casino Resorts.
- Akira, presumed to be a descendant of Conti, primarily targets small to
medium-sized businesses due to the ease and turnaround time. Most notably,
Akira ransomware targeted Cisco VPN products as an attack vector to
breach corporate networks, then steal and eventually encrypt data.
- Royal, suspected heir to Ryuk, uses white-hat penetration testing tools to
move laterally in an environment and gain control of the entire network.
Aiding the deception is its unique partial encryption approach, which
allows the threat actor to choose a specific percentage of data in a
file to encrypt.
- Lockbit 3.0, a mainstay on the list and last year's winner, continues to
wreak havoc. Now in its third epoch, Lockbit 3.0 is more modular and evasive
than its predecessors.
- Black Basta is one of the most active RaaS threat actors and is also
considered to be yet another descendant of the Conti ransomware group. They
have gained a reputation for targeting all types of industries
indiscriminately.