Ransomware Report Shows Surge in New Players

The battle continues as new players evolve and emerge.

Apr 3, 2025

Comparitech recently shared a roundup of ransomware trends for the month of February. They found that:

  • The number of ransomware attacks in February was nearly double that of the previous month.
  • The ransomware group Clop, which gained heightened notoriety following the 2023 MOVEit hack, released the remaining victims of its exploitation of the Cleo secure managed file transfer vulnerability. The group, which is believed to be based in Russia, has released data on approximately 70 victims since last fall as part of its pattern of multi-level extortion strategies. The malware distributor is believed to have received over $500 million in ransom payments since its inception in 2019.
  • RansomHub and Qilin had the most confirmed attacks. RansomHub might be the fastest-rising ransomware-as-a-service group targeting the industrial sector. The group, which is thought to be based out of either Russia or China, burst on the scene last February, most likely picking up the pieces after law enforcement hit the ALPHV and LockBit groups. Formerly known as Cyclops and Knight, the group is responsible for nearly 300 attacks over the last year, using phishing emails and password spraying tactics to target internet-facing systems and user endpoints in the critical infrastructure and manufacturing sectors.
  • The number of attacks instigated by the Medusa group also increased significantly in February. The Russian RaaS group uses initial access brokers to get into a system, where its malware can be used to steal and encrypt data, holding it for ransom. Coming on the scene in 2022, the group is a leading user of living-off-the-land, or dwelling, attacks and counts Toyota in its collection of high-profile victims.
  • The most targeted sector (for confirmed attacks) was the manufacturing sector. This included an attack on Italian furniture maker Alf DaFrè, which saw manufacturing come to a halt for eight days as a result of the hack.
  • February also saw the emergence of some new groups, including Anubis and Run Some Wares. Anubis is another Russian ransomware-as-a-service group that was first identified later in 2024. The group employs a number of affiliate programs, which makes sense given its relative level of experience and resources, but has been expanding the targets of its double extortion campaigns from healthcare to the industrial sector.
  • Not much is known about the newcomer Run Some Wares, other than it seems to favor using its double extortion strategies on industrial and logistics companies.

More information on Comparitech and its recent findings can be found here.
