ZeroFox Intelligence Cyber Threat Advisory - Ransomware & Digital Extortion Incidents Surging In Q2 2023

Product Serial: F-2023-06-22a

TLP:CLEAR

In this advisory, ZeroFox Intelligence provides analysis of surging ransomware and digital extortion activity in Q2 2023, including potential underlying factors that are driving the high threat.

Standing Intelligence Requirements

Deep Dark Web and Criminal Underground DDW

For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Link to Download View the full report here

Scope Note

ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 9:00 AM (EDT) on June 22, 2023; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Key Findings

The number of ransomware and digital extortion (R&DE) incidents recorded so far this quarter is almost 40% higher than in Q1 2023.
Deployment of well-known strains has increased, as well as new strains like 8Base, Akira, CrossLock and CryptNet.
Recent successes have very likely emboldened threat actors with Russia-based threat actors likely able to conduct R&DE attacks more freely.
ZeroFox Intelligence anticipates the R&DE threat will remain heightened in coming months.