Ransomware blogs are surging, tech security study reveals

Blog posts by ransomware actors, who use them for nefarious purposes including blackmailing companies, surged in 2023 over the previous year, according to a new study by tech security company Kaspersky.

Reviewing last year’s dark market trends, Kaspersky’s research discovered a surge in blog posts by ransomware actors, who leverage blogs for various purposes including blackmailing companies, revealing successful hacks of businesses or posting stolen data. Their statistics reveal that “in 2022, there were around 386 monthly blog posts on public platforms and the dark web. In 2023, the average surged to 476, peaking in November (634 posts).”

Another notable development in the KSB is that the dark web also witnessed an alarming rise in stealer malware designed to pilfer sensitive information such as login credentials, financial details and personal data.

Logs from Redline stealer, a popular malware family, tripled from 370 per month in 2022 to 1,200 in 2023. Various malware log files containing compromised user data and posted freely on the dark web increased by nearly 30 percent compared to the previous year.

Looking ahead to 2024, Kaspersky anticipates new challenges. Cybercriminals are expected to turn to search engine advertising to promote malware-embedded landing pages. This is a shift from phishing emails: by using Google and Bing ads for deceptive practices, they ensure that their landing pages receive top positions in search results.

Additionally, crypto-drainer services, a category of malicious software engineered for the swift and automated withdrawal of funds from legitimate crypto wallets to malicious actors’ wallets, are in growing demand and gaining momentum among crypto scammers.

Kaspersky anticipates an increase in the prevalence of advertisements promoting the development and sale of this crypto-stealing malware, fueled by sustained interest in cryptocurrencies, NFTs, and related digital assets.

Experts also foresee an increase in services providing AV evasion for malware, the evolution of “Loader” malware services, and changes in Bitcoin mixers and cleaning services on the dark web.

“Monitoring dark web market activities and trends is akin to peering into the enemy’s playbook, allowing early threat detection, understanding adversary tactics, and ensuring you’re several steps ahead in terms of cyber defenses. It’s not just about protection; it’s about mastering the evolving threat landscape to fortify against tomorrow’s risks and ensure the resilience of corporate security,” Sergey Lozhkin, Principal Security Researcher at Kaspersky, said, emphasising the importance of a proactive cybersecurity stance.