SEKOIA.IO analysts highlighted the trends related to ransomware activity in the second half of 2022. The ransomware threat marked a very high level since mid-2022, similar to the previous year. During the last six months, ransomware groups incresingly adopted new TTPs such as callback phishing, intermittent encryption and rewriting malware code in new languages to enhance their capabilities. From our observations, the democratisation of the ransomware threat reached an almost unprecedented level. This is reflected by ransomware operators delegating some tasks to other threat actors such as Initial Access Brockers, fraudulent call centre operators and pentesters hired on cybercrime forums. We shared our analysis in the [FLINT 2023-009 - S2 2022 Ransomware Threat Landscape](https://app.sekoia.io/intelligence/objects/report--807ff7de-7744-45cd-b88b-662b6c9d63fd).