The scourge of ransomware endures as criminals continue to find new ways to exploit and compromise systems and networks for their financial gain. WaterISAC is highlighting the most prolific and noteworthy ransomware groups this holiday season for members’ security awareness.

In November, the ransomware group PYSA conducted the greatest number of ransomware attacks, according to a new report from the cybersecurity firm NCC Group. Last month, organizations infected with PYSA increased by 50 percent. Following close behind, Lockbit was another one of the most active ransomware group’s last month. The Conti ransomware group was not quite as active, compared to previous periods, with activities decreasing by 9 percent. Nevertheless, Conti has recently adopted some new tactics and continues to be a pernicious threat.

Some new ransomware actors have also emerged this season. The Everest ransomware gang, a Russian-speaking group, will uniquely sell access to the victim’s IT infrastructure. According to the NCC Group “while selling ransomware-as-a-service has seen a surge in popularity over the last year, this is a rare instance of a group forgoing a request for a ransom and offering access to IT infrastructure – but we may see copycat attacks in 2022 and beyond.” Finally, researchers at the cybersecurity company Sophos have been tracking a new ransomware group known as Avos Locker. A unique characteristic of this ransomware is that it aims to disable endpoint security products by placing a victim’s computer in Safe Mode. Members should visit StopRansomware.gov for more information and tips for preventing ransomware attacks. Read more at BleepingComputer, at Sophos, or access the NCC Group report here.