Mr. Muhi Majzoub reports

OPENTEXT CYBERSECURITY NASTIEST MALWARE OF 2023 SHOWS RANSOMWARE-AS-A-SERVICE NOW PRIMARY BUSINESS MODEL

Open Text Corp. has released its Nastiest Malware of 2023 report, an annual ranking of the year's biggest malware threats. For six consecutive years, OpenText Cybersecurity threat intelligence experts have analyzed the threat landscape to determine the most notorious malware trends. Ransomware has been rapidly ascending the ranks, with ransomware-as-a-service (RaaS) now the weapon of choice for cybercriminals.

This year, four new ransomware gangs, believed to be the next generation of previous big players, topped the list. Newcomer Cl0p takes the prize for this year's nastiest malware after commanding exorbitant ransom demands with its MOVEit campaign. Cl0p's efforts helped skyrocket the average ransom payment, which is rapidly approaching three-quarters of $1-million. Black Cat, Akira, Royal and Black Basta also made their debuts, joined by the always-present Lockbit.

"A key finding this year is the RaaS business model is another win for the bad guys. Profit sharing and risk mitigation are top contributors to RaaS success, along with the ability to easily evade authorities," said Muhi Majzoub, executive vice-president and chief product officer, Open Text. "There is a silver lining, as research shows only 29 per cent of businesses pay ransom, an all-time low. These numbers indicate people are taking threats seriously and investing in security to be in a position where they do not need to pay ransom."

This year's list highlights the tenacity of cybercriminals as they continue to reinvent themselves, coming back stronger each time (often with new names). Their scrappy mentality allows them to go beyond the norm to find new ways to invade their target.

2023 nastiest malware:

1. Cl0p, an RaaS platform, became famous following a series of cyberattacks, exploiting a zero-day vulnerability in the MOVEit Transfer file software developed by Progress Software. MOVEit victims include such notable organizations as Shell, BBC (British Broadcasting Corp.) and the United States Department of Energy.
2. Black Cat, recognized in Open Text's Nastiest Malware of 2021 report, believed to be the successor to the REvil ransomware group, has built its RaaS platform on the Rust programming language. It made headlines for taking down MGM Casino Resorts.
3. Akira, presumed to be a descendant of Conti, primarily targets small-to-medium-sized businesses due to the ease and turnaround time. Most notably, Akira ransomware targeted Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal and eventually encrypt data.
4. Royal, suspected heir to Ryuk, uses Whitehat penetration testing tools to move laterally in an environment to gain control of the entire network. Helping aid in deception is its unique partial encryption approach that allows the threat actor to choose a specific percentage of data in a file to encrypt.
5. Lockbit 3.0, a main stain on the list and last year's winner, continues to wreak havoc. Now in its third epoch, Lockbit 3.0 is more modular and evasive than its predecessors.
6. Black Basta is one of the most active RaaS threat actors and is also considered to be yet another descendant of the Conti ransomware group. It has gained a reputation for targeting all types of industries indiscriminately.

About Open Text Corp.

Open Text enables organizations to gain insight through market-leading information management solutions, powered by OpenText Cloud Editions.

We seek Safe Harbor.