This is, undoubtedly, the most fluid section of this site. As demonstrated earlier, ransomware actors have changed their tactics many times, but those changes often take place gradually over several years. Ransomware groups, on the other hand, can pop up and shut down seemingly overnight.
There are a lot of reasons for this, but the biggest factor stems from the illegal status of ransomware. This means ransomware actors are often under the watchful eye of law enforcement, and while law enforcement certainly can move slowly (at least compared to what those of us in the information security community would like to see), it does move.
In addition, law enforcement action against a Bitcoin exchange to pull back some of the paid Colonial Pipeline ransom was enough to send the ransomware group that conducted the attack, DarkSide, into rebranding (the actor behind DarkSide came out with a new ransomware in August called BlackMatter).
All this means that the ransomware threat actor landscape has drastically changed just in the first half of 2021. Make no mistake: The threat has not gone anywhere (this is discussed in more detail), but the main threat actors have changed.
Still, it’s worth having a conversation about the current biggest ransomware threats and what to expect from each of these ransomware variants.