Of the many ransomware attacks in the world, during the first three months of 2022 half of that ransomware came from only two hacker gangs.
According to security researchers at Digital Shadows, the two hacker gangs most actively spreading ransomware between January-March 2022 were LockBit 2.0 and Conti. Both account for 58% of worldwide ransomware attacks. Oh yes, Conti is a ransomware that attacked Bank Indonesia at the end of 2021.
Then of the two gangs, LockBit is the most "powerful" gang, with 38% of ransomware attacks. This percentage of LockBit attacks is almost double the recorded attacks of Conti, which in the same period recorded 20% of ransomware attacks.
Both LockBit and Conti stole data from the victim and threatened to share the data via the site if the victim did not want to pay the ransom, as quoted by Zdnet, Monday (18/4/2022).
According to Digital Shadows, LockBit has leaked data from 200 of its victims during Q1 2022, aka the gang that leaked the most data. In addition to these two gangs, there are also other ransomware such as Hive, Vice Society, and Blackbyte whose number of attacks is quite significant.
In February last year, there were internal cases that occurred at Conti, namely the leaked records of conversations between a number of Conti members. The note reveals Conti's support for the Russian invasion of Ukraine.
However, this problem does not appear to have had an impact on reducing Conti ransomware attacks, although it is said that the impact is felt internally.
"Although Conti's chat leaks had a fairly large impact on the group, the impact was not significant on the group's market share. Conti doesn't seem to have slowed down since the leaked chat logs and source code," said Ivan Righi, senior cyber threat intelligence analyst at Digital Shadows.
There is also a gang of hackers who disappeared in Q1 2022. According to researchers' records, PYSA ransomware was the third most active ransomware at the end of 2021, but is no longer visible. Then there is Revil, one of the most active ransomware-spreading hacker gangs, which is no longer operating.