In 2018, Kivu investigated more than triple the number of ransomware incidents that we did in 2017. Unlike the predictable ebb and flow of the 2017 attack landscape, 2018 was a year of surprises. Attack vectors became varied, reconnaissance efforts ramped up, a new age of actors entered the cybercrime arena, and the impact of cyber-attacks seemed to last longer and have more devastating effects.
Coming into 2018, SamSam was one of several ransomware groups we considered kingpins of the extortion game. By the end of the year, however, their attack incidence seemed to have slowed and their mechanisms became disorganized. On November 28, 2018, the U.S. Department of Justice announced indictments of two Iranian SamSam ransomware operators who are alleged to have collected over $6 million in ransom funds across 200+ victims since 2015. SamSam has fallen relatively silent since the announcement. With the fall of SamSam came the rise of two new ransomware variants, arguably more vicious, more destructive, and stealthier than all of their ransomware peers: BitPaymer and RYUK.
Read full Threat Intelligence Report here