Maybe it was a spring break and then a summer lull, but it’s now fall and there’s a rise. From April onwards, the market experienced a clear decline in ransomware attacks. In August, for example, 160 attacks were recorded – small blessings, perhaps, but still a trend in the right direction. But the good times may have gone: In September, the number of attacks rose to 202, a 26% spike over the previous month.
That’s the big takeaway from NCC Group’s recently published Threat Pulse, which analyzed ransomware activity in September 2022.
A Change in Threat Variants
There’s no single reason for the sudden rise. Among other factors, there’s a change in threat variants. Conti – a player since 2020, believed to be the work of a Russia-based group – has been disbanded, while IceFire, a more recent entry that previously generated some heat, didn’t show up at all. One particular variant stole most of the thunder: Lockbit 3.0, which claimed a huge 105 victims. That put it far ahead of BlackBasta, which came second with 19 attacks.
Most Targeted Industries, Regions
By contrast, activity among verticals remained largely the same. The industrial sector is still the most popular sector, and by some distance: It registered 57 incidents (28% of the total). Consumer cyclicals came in at second with 29 incidents, or 14%. Technology was close behind that with 9%.
On the regional front, Europe took the lead spot from the U.S., with 85 incidents, or 42% of the total. The U.S., which was previously No. 1, was not far bend with 72, or 35%. Asia, meanwhile, accounted for 23 incidents.
The Threat Pulse report also spotlights efforts by China to launch and maintain active cyberespionage campaigns, specifically to serve national interests. Research indicates that for more than a year, China has deployed malware and sophisticated strategies to attack organizations around the world. The report identifies a recent incident exploiting ShadowPad, which likely involves Chinese APT actors. In particular, the group APT41 is believed to be working under the auspices of the Chinese Ministry of State Security.
NCC Group gathers information about ransomware data leaks on the dark web in real time for insights into victims, sectors targeted, and modes of attack.
