The new “BlackMatter”, “Haron”, and “El_Cometa” ransomware groups, which surfaced in the past three weeks, bear significant similarities to ransomware groups that disappeared last month. In addition, “Babuk” and “Lockbit” have returned to the scene as “2.0” versions of their original groups. Both phenomena point to a rebranding effort of ransomware operators―some claiming significant advancements in capability and technical sophistication. The rebranding trend likely represents the completion of a ransomware development cycle, which is often observed after groups cease attacks, and will probably bring new ransomware operations. In general, an increase in ransomware activity against all sectors and geographies is likely over the short-term future (one to three months), coinciding with the emergence of new (or rebranded) ransomware groups.
Digital Shadows
Threat Intelligence and Digital Risk Protection Resources
