These were the nastiest malware strains of 2023 - so stay on your guard


This year’s Nastiest Malware report from OpenText Cybersecurity, which lists the biggest threats for the past year, is out, and the overarching theme this year is rebranding.

After analyzing the threat landscape to determine the most notorious malware trends, the company's experts found that the biggest threats these days come from ransomware players, specifically ransomware-as-a-service (RaaS) operators.

“A key finding this year is the RaaS business model is another win for the bad guys. Profit sharing and risk mitigation are top contributors to RaaS success along with the ability to easily evade authorities,” said Muhi Majzoub, EVP and Chief Product Officer, OpenText. “There is a silver lining as research shows only 29% of businesses pay ransom, an all-time low. These numbers indicate people are taking threats seriously and investing in security to be in a position where they do not need to pay ransom.”


Cl0p, BlackCat, and others

These days, the biggest players are rebrands of former biggest players. The first name on the list is Cl0p, because of the havoc it wreaked with the MOVEit managed file transfer attack.

Through MOVEit, Cl0p compromised data on thousands of firms, which propelled it to the very top of the list. The second name on the list is BlackCat, which OpenText believes is the successor of the REvil ransomware group. BlackCat built its RaaS platform in Rust, and gained notoriety after breaching MGM Casino Resorts. 

The top three are rounded off by Akira, believed to be the heir to Conti (which fell apart approximately at the start of the Russo-Ukrainian conflict). Akira targets SMBs because it’s easier and these firms respond quicker, the researchers said. Akira was responsible for the attack on Cisco’s VPN products. Other notable mentions include Royal (a successor to Ryuk), LockBit 3.0, and Black Basta, currently the only two names on this list that haven’t rebranded.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.