These were the worst ransomware attackers of 2022

The LockBit ransomware group, with its LockBit 3.0 encryptor, was the most prominent and damaging organization in the cybercrime community last year, a new report has claimed. 

Trustwave's “year in review” lookback claims LockBit 3.0 kept its status as the most infamous ransomware player due to high payments that recruit experienced malicious actors, constant purchasing of new exploits, as well as a bug bounty program that offers high-paying bounties, which is allegedly a first for a ransomware group.

“With all these programs and the continued effectiveness of the group, it is forecasted that (LockBit) will remain the most active and effective group for the foreseeable future,” Trustwave says.

New ransomware versions

2022 also saw the group release LockBit 3.0, the latest version of its ransomware, which sported a number of new features such as automated permission elevation, Windows Defender disabling, a “safe mode” to work around antivirus solutions, and a multi-encryption system that lowers the chances of a third party providing a working decryptor.

Consequently, the researchers claim almost half (44%) of all successful ransomware attacks last year were achieved using LockBit.

Other major groups that wreaked havoc across the cyberworld in 2022 include BlackBasta (which the researchers suspect has strong ties to one-time leader Conti), Hive (whose affiliate model earned it the title “most impressive ransomware operator”), and BlackCat (AKA ALPHV).

Roughly a tenth (9%) of all ransomware attacks reported in Q3 2022 were allegedly carried out using Hive, with an additional 6.5% falling on BlackCat.

Going forward, the researchers don’t think ransomware will be going away any time soon. The average cost of an attack ranged between $570,000 and $812,360 per Cloudally’s figures, making ransomware among the most lucrative, and thus most popular, attack vectors.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.