Recent law enforcement takedowns of ransomware gangs, including ALPHV/BlackCat and LockBit, were reported by Europol to have prompted more established ransomware affiliates to venture into creating their own operations with payloads developed using leaked builders, resulting in increased fragmentation in the threat landscape, The Register reports.
"This trend might also be perpetuated by the wider availability and increased quality of AI tools that lack prompt filtering, which cybercriminals can use to quickly assemble and debug their code," said Europol. Such a development has been accompanied by an increased targeting of small and medium sized businesses, according to the report, which noted persistent extortion tactics in such intrusions. Despite rising fragmentation, active ransomware-as-a-service sites were observed by WithSecure to have declined since the beginning of the year. "This suggests that while the industry has been disrupted, actors have since settled down behind a smaller number of brands which may be perceived as safe hands," said WithSecure Senior Threat Intelligence Analyst Stephen Robinson.