Black Kite unveils industry’s first monthly ransomware dashboards
Boston, MA – January 24, 2023 – Black Kite today unveiled the industry's first monthly ransomware dashboard, featuring crucial insights for security teams, media, analysts, and other industry leaders. The resource provides data, graphs, trends, and key insights from Black Kite’s threat intelligence team about the top ransomware groups, their victims, and attack patterns.
Black Kite also analyzes the top ransomware indicators to identify common vulnerabilities exploited by active ransomware groups, and using data and machine learning, Black Kite’s Ransomware Susceptibility Index (RSI) paints a comprehensive picture of the industry-specific cyber-risks that organizations face each month.
In December alone, the research team monitored over 360 victims. The most common indicators of compromise were MX and DNS misconfigurations that allowed for spoofing and phishing attacks (266) and in-use services and products with vulnerabilities of high exploitability (233).
Additionally, 49% of victims had open RDP or SMB ports publicly visible. Research also revealed that although LockBit continues to dominate the landscape, an emerging ransomware group, WereWolves, entered the top three for the first time.
“Since recently entering the scene, the WereWolves ransomware group has targeted 26 victims in the U.S., Europe, and Russia,” said Ferhat Dikbiyik, head of research at Black Kite. “The group is unusual because it has a full-fledged website that recruits new members and offers a bounty program for security vulnerabilities. It is also unusual to see ransomware groups targeting Russian companies, which we have only witnessed before from short-lived ransomware groups.”
The monthly dashboard has surfaced trends over the past six months, including:
- LockBit has the biggest share in this set of victims with 21% of victims published by the group.
- Exploiting vulnerabilities has become the most common method.
- New groups, including WereWolves, While Play, 8base, and Akira, are putting themselves in the top ranks with an increasing number of victims.
- The U.S. continues to be the most targeted country. However, there were unusual peaks in some countries, such as Russia, Bulgaria, Iran, and Israel, due to several political conflicts.
- The manufacturing industry remained one of the top industries targeted and saw an increase in attacks in the second half of the year.
- There was an increase in attacks on the healthcare and information industries.
“Ransomware gangs are constantly evolving their tactics, and are operating at growing scales in order to get bigger profits from their victims,” said Dikbiyik. “As there is no sign of these attacks slowing down, it’s important to understand these gangs’ motivation and actions in order to have smarter security strategies to prevent attacks. This is why we have created a free resource and will continue to monitor the landscape for trends with industry-wide impact.”
As these groups become more sophisticated, it is imperative that companies understand their risk and are armed with the tools to make informed decisions about their security strategies. Black Kite’s monthly report dashboard provides critical visibility to help connect the dots between ransomware groups’ patterns and their victims so that the bad actors are no longer operating in the shadows.
To see Black Kite’s latest ransomware data, visit the December report landing page, or view data from the last six months on the Ransomware Reports page.