A new study by researchers from Deakin University and Université de Montréal examines the changing nature of ransomware groups over time:
-
The researchers examined 865 ransomware attacks occurring in Australia (135 attacks), New Zealand (18 attacks), the United Kingdom (366 attacks) and Canada (346 attacks) over three years (2020–2022).
-
Ransomware criminal groups tend to be short-lived, with an average life of 1.36 years. Larger and more active groups tend to last longer.
-
Ransomware attacks tend to be concentrated in a small proportion of groups. Just three ransomware criminal groups (Conti, LockBit and Pysa) accounted for 37 percent of attacks over the three years examined.