Ransomware, Malware

OpenText Cybersecurity Names “Nastiest” Malware

Credit: Adobe Stock Images

Ransomware has rapidly ascended the ranks of the most notorious malware in 2023, with ransomware-as-a-service now the “weapon of choice” for cybercriminals, OpenText Cybersecurity said in a new report.

While average ransomware payments are up, the percentage of organizations that pay is at an all-time low, the MSSP Alert Top 250 Managed Security Service Provider said. Evidence shows that cyber hijackers are foregoing high volume, lower rewards hits for larger, potentially more lucrative attacks, OpenText Cybersecurity’s report suggested.

"A key finding this year is the RaaS business model is another win for the bad guys," said Muhi Majzoub, OpenText Cybersecurity executive vice president and chief product officer. "Profit sharing and risk mitigation are top contributors to RaaS success along with the ability to easily evade authorities. There is a silver lining as research shows only 29% of businesses pay ransom, an all-time low. These numbers indicate people are taking threats seriously and investing in security to be in a position where they do not need to pay ransom."

Cl0p Named "Nastiest" Malware

Newcomer Cl0p takes the prize for this year's "nastiest" malware of the year so far after commanding exorbitant ransom demands with its MOVEit campaign. Cl0p's efforts helped skyrocket the average ransom payment which is rapidly approaching $750,000. Black Cat, Akira, Royal, Black Basta also debuted on the list, joined by the omnipresent Lockbit.

2023’s Six “Nastiest Malware,” according to OpenText Cybersecurity’s Malware Report:

  • Cl0p, a RaaS platform, exploited a zero-day vulnerability in the MOVEit Transfer file software developed by Progress Software. MOVEit victims include such notable organizations as Shell, BBC, and the United States Department of Energy.
  • Black Cat, which is believed to be the successor to REvil ransomware group, has built their RaaS platform on the Rust programming language. They made headlines for taking down MGM Casino Resorts.
  • Akira, presumed to be a descendant of Conti, primarily targets small to medium sized businesses due to the ease and turnaround time. Most notably, Akira ransomware targeted Cisco VPN products as an attack vector to breach corporate networks, steal, and eventually encrypt data.
  • Royal, the suspected heir to Ryuk, uses Whitehat penetration testing tools to move laterally in an environment to gain control of the entire network. Helping aid in deception is their unique partial encryption approach that allows the threat actor to choose a specific percentage of data in a file to encrypt.
  • Lockbit 3.0, last year's winner, continues to wreak havoc. Now in its third era, Lockbit 3.0 is more modular and evasive than its predecessors.
  • Black Basta is one of the most active RaaS threat actors and is also considered to be yet another descendant of the Conti ransomware group. They have gained a reputation for targeting all types of industries indiscriminately.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.