A new study by researchers from Deakin University and Université de Montréal examines the changing nature of ransomware groups over time:
The researchers examined 865 ransomware attacks occurring in Australia (135 attacks), New Zealand (18 attacks), the United Kingdom (366 attacks) and Canada (346 attacks) over three years (2020–2022).
Ransomware criminal groups tend to be short-lived, with an average life of 1.36 years. Larger and more active groups tend to last longer.
Ransomware attacks tend to be concentrated in a small proportion of groups. Just three ransomware criminal groups (Conti, LockBit and Pysa) accounted for 37 percent of attacks over the three years examined.
