SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
OpenText reveals concerning surge in ransomware-as-a-service attacks
Thu, 26th Oct 2023

OpenText has launched its latest annual "Nastiest Malware report", revealing a concerning rise in ransomware-as-a-service (RaaS) attacks.

The cybersecurity firm analysed emerging ransomware gangs anticipated as the next big digital threats and explored this year's most significant malware campaigns. The disruptive MOVEit onslaught stands out, affecting over 56 million people and costing close to $11 billion globally.

The top spot this year goes to Cl0p, a RaaS platform that catapulted into infamy following a series of significant cyberattacks. Cl0p exploited a zero-day vulnerability in the MOVEit Transfer file software developed by Progress Software, targeting well-known organisations such as Shell, BBC and the United States Department of Energy. Other notable players include Black Cat, suspected to be the successor to the REvil ransomware group; Akira, a probable offshoot of Conti; and Royal, believed to be the next iteration of Ryuk.

Black Basta, another likely Conti derivative, has also emerged as an indiscriminate predator in various industry sectors. Lockbit 3.0, although now in its third version and more evasive than previous incarnations, continues to pose a significant threat.

Research data from OpenText revealed a silver lining amidst the gloom. Muhi Majzoub, Executive Vice President and Chief Product Officer, OpenText, stated:

"A key finding this year is the RaaS business model is another win for the bad guys. Profit sharing and risk mitigation are top contributors to RaaS success along with the ability to easily evade authorities," he says.

However, Majzoub also noted that only 29% of businesses capitulate to ransom demands, an all-time low figure indicating an increased investment in robust security measures.

The newly adapted strategies of the cybercriminals highlight their relentless tenacity. Rebranding themselves, often under new names, they continue to find innovative ways to infiltrate intended targets. This shift suggests a renewed drive for nastier, more powerful malware, and it is increasingly crucial for businesses and individuals to build resilience against these digital threats.

OpenText Cybersecurity delivers extensive security solutions for all companies, regardless of size. Benefiting from real-time and contextual threat intelligence, their customers can enjoy highly effective products, compliance, and simplified security solutions for managing business risk.

2023 Nastiest Malware:

  1. Cl0p, a RaaS platform, became famous following a series of cyberattacks and exploited a zero-day vulnerability in the MOVEit Transfer file software developed by Progress Software. MOVEit victims include such notable organizations as Shell, BBC, and the United States Department of Energy.
  2. Black Cat, recognized in our 2021 Nastiest Malware report and believed to be the successor to the REvil ransomware group, has built their RaaS platform on the Rust programming language. They made headlines for taking down MGM Casino Resorts.
  3. Akira, presumed to be a descendant of Conti, primarily targets small to medium-sized businesses due to the ease and turnaround time. Most notably, Akira ransomware targeted Cisco VPN products as an attack vector to breach corporate networks, steal, and eventually encrypt data.
  4. Royal, suspected heir to Ryuk, uses white-hat penetration testing tools to move laterally in an environment to gain control of the entire network. Aiding in deception is their unique partial encryption approach that allows the threat actor to choose a specific percentage of data in a file to encrypt.
  5. Lockbit 3.0, a main stain on the list and last year's winner, continues to wreak havoc. Now in its third epoch, Lockbit 3.0 is more modular and evasive than its predecessors.
  6. Black Basta is one of the most active RaaS threat actors and is also considered to be yet another descendant of the Conti ransomware group. They have gained a reputation for targeting all types of industries indiscriminately.