Black Kite, the leader in third-party cyber risk intelligence, has announced the release of the industry’s first monthly ransomware dashboard. This resource is designed to provide crucial insights for security teams, media, analysts, and other industry leaders, offering data, graphs, trends, and key insights from Black Kite’s threat intelligence team about the top ransomware groups, their victims, and attack patterns. The dashboard also analyzes the top ransomware indicators to identify common vulnerabilities exploited by active ransomware groups, and uses data and machine learning to create the Ransomware Susceptibility Index (RSI), which paints a comprehensive picture of the industry-specific cyber-risks that organizations face each month.
In December 2022, Black Kite’s research team monitored over 360 victims of ransomware attacks. The most common indicators of compromise were MX and DNS misconfigurations that allowed for spoofing and phishing attacks, as well as in-use services and products with vulnerabilities of high exploitability. Additionally, 49% of victims had open RDP or SMB ports publicly visible. The research revealed that the LockBit ransomware group continued to dominate the landscape, while an emerging ransomware group called WereWolves entered the top three for the first time.
Ferhat Dikbiyik, head of research at Black Kite, remarked on the unusual tactics employed by the WereWolves ransomware group, which has targeted 26 victims in the U.S., Europe, and Russia. He noted that the group has a full-fledged website that recruits new members and offers a bounty program for security vulnerabilities, and it is unusual to see ransomware groups targeting Russian companies. These insights highlight the constantly evolving nature of ransomware attacks and the importance of understanding the motivation and actions of these groups in order to develop smarter security strategies to prevent attacks.
The monthly dashboard has revealed several trends over the past six months, including the dominance of LockBit in the number of victims, the increasing use of vulnerability exploitation as a method, and the emergence of new ransomware groups such as WereWolves, While Play, 8base, and Akira. The dashboard also shows that the U.S. continues to be the most targeted country, but there were unusual peaks in some countries, such as Russia, Bulgaria, Iran, and Israel, due to political conflicts. Additionally, the manufacturing industry remained one of the top industries targeted, with an increase in attacks in the second half of the year, and there was also an increase in attacks on the healthcare and information industries.
With ransomware groups becoming more sophisticated and operating at growing scales, it is imperative for companies to understand their risk and have the tools to make informed decisions about their security strategies. Black Kite’s monthly report dashboard provides critical visibility to help connect the dots between ransomware groups’ patterns and their victims, allowing organizations to develop smarter security strategies.
Black Kite’s focus on providing companies with a comprehensive, real-time view into cyber ecosystem risk has positioned the company as a leader in the industry. Through an automated process and a combination of threat, business, and risk information, Black Kite offers cyber risk intelligence that goes beyond a simple risk score or rating. The company serves more than 1,500 customers in a wide range of industries and has received numerous industry awards and recognition from customers.
For more information on Black Kite’s latest ransomware data, visit the December report landing page or view data from the last six months on the Ransomware Reports page on Black Kite’s website.