Conti-linked Akira and Phobos-related 8Base were the most prolific ransomware groups among the 25 new operations that emerged last year, according to The Register.
Nearly 25% of all publicly claimed ransomware attacks in 2023 were from the newly emergent operations, with the WereWolves gang expected to gain further traction this year following a slew of attacks by the end of last year, a report from Palo Alto Networks' Unit 42.
While five groups including Ransomed.vc, CrossLock, and Rancoz, as well as LockBit-linked DarkRace and Chaos-linked CryptNet have become inactive towards the second half of the year, threat actors from such operations may have slowed down attacks or just joined other ransomware gangs, said Unit 42 Principal Threat Researcher Doel Santos.
"If some of these groups did not last the entire year, new threat actors can fill the void. The second half of 2023 revealed posts from 12 new leak sites, indicating these groups might have started later in the year," Santos added.
BleepingComputer reports that Knight ransomware was observed by KELA threat analysts to have the third iteration of its source code posted for sale by the operation's representative, Cyclops, on RAMP forums.