Cofense Intelligence has announced research revealing the five most prominent ransomware groups. The ransomware groups are:

  1. LockBit 3.0
  2. BlackCat
  3. BianLian
  4. Akira
  5. BlackSuit

Among ransomware-as-a-service (RaaS) groups, LockBit 3.0 is the most active. This organization predominantly targets the healthcare and public health sector, utilizing a variety of approaches such as initial access brokers (IABs), phishing campaigns and direct attacks. LockBit 3.0 can be customized in many facets, including through the use of modules, which makes detection difficult for security enterprises.

Furthermore, the report identifies the malware most commonly deployed to deliver ransomware. The top delivery methods are:

  1. DarkGate RAT
  2. Remcos RAT
  3. Async RAT
  4. XWorm RAT
  5. ConnectWise RAT

Most commonly, DarkGate RAT has been observed being delivered via an attached Office document. In the document, there is typically a link that, when clicked, will deliver the DarkGate RAT binary.