{"id":8713,"date":"2024-06-20T14:46:44","date_gmt":"2024-06-20T05:46:44","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=8713"},"modified":"2025-01-20T15:10:23","modified_gmt":"2025-01-20T06:10:23","slug":"ransomware-rebounds-extortion-threat-surges-in-2023-attackers-rely-on-publicly-available-and-legitimate-tools","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/ransomware-rebounds-extortion-threat-surges-in-2023-attackers-rely-on-publicly-available-and-legitimate-tools\/","title":{"rendered":"Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools"},"content":{"rendered":"\n<p>Ransomware activity increased in 2023 compared to 2022, according to Google-owned Mandiant. This is despite broadscale law enforcement operations against prominent ransomware groups, including ALPHV\/BlackCat.<br><br>In 2023, Mandiant noted a rise in ransomware activity, reflected by more posts on data leak sites and a moderate increase in ransomware investigations. Around a third of new ransomware families were variants of existing ones. Attackers mainly used commercially available tools for ransomware deployment, with a decline in Cobalt Strike BEACON and a rise in legitimate remote access tools. Ransomware was deployed within 48 hours in about one-third of cases, and 76% of deployments occurred outside work hours, primarily in the early morning.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware activity increased in 2023 compared to 2022, according to Google-owned Mandiant. This is despite broadscale law enforcement operations against prominent ransomware groups, including ALPHV\/BlackCat. In 2023, Mandiant noted a rise in ransomware activity, reflected by more posts on data leak sites and a moderate increase in ransomware investigations. 
Around a third of new ransomware families were variants of existing ones.<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":8714,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226,12,9,2,7,8,1],"tags":[],"class_list":["post-8713","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-finance-and-legal","category-read_article","category-ransomware_criminals","category-ce_news","category-by_country","category-industry_sector","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2025\/01\/technology-apartment-used-deploying-ddos-attacks-scripts-close-up_482257-110954.jpg?fit=1380%2C776&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8713"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=8713"}],"version-history":[{"count":1,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8713\/revisions"}],"predecessor-version":[{"id":8716,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8713\/revisions\/8716"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/8714"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=8713"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=8713"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=8713"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}