In 2023, there was a significant increase in the number of new multipoint extortion ransomware groups. These groups, connected to older ransomware operations, employ various tactics to coerce victims into paying a ransom, including data theft and threats of data publication. This article explores the rise of these groups and highlights the advantages they offer to defenders.
Cybersecurity company WithSecure has observed a surge in new multipoint extortion ransomware groups, with nearly half of the groups it tracks having started operations in 2023. Many of these new groups have clear connections to previous ransomware operations. To pressure victims into paying a ransom, these groups employ different methods, such as stealing data and threatening to release it. The leaked source code for Conti, LockBit, and Babuk ransomware has been utilized by other ransomware gangs, contributing to the increase in data leaks. WithSecure has identified a total of 60 multipoint extortion ransomware gangs, with 29 of them being newly established. Despite the growing number of ransomware attacks, the predictability of these groups offers advantages to defenders. Organizations can leverage their incident response and cyber-resilience efforts to prepare for the inevitable targeting by ransomware gangs.
The rise of new multipoint extortion ransomware groups poses significant challenges for cybersecurity. The use of stolen source code and the threat of data publication have led to an increase in data leaks. However, the predictability of these groups provides defenders with an opportunity to enhance their defenses. By focusing on incident response and cyber-resilience efforts, organizations can better prepare for potential ransomware attacks. Mitigating the impact of these attacks and safeguarding against future threats should be a priority for all entities.