Ransomware Rise: Lockbit Dominance & Shifting Threats
After a recent decline, there has been an upswing in ransomware attacks. NCC Group’s data reveals that the resurgence is spearheaded by aging ransomware-as-a-service (RaaS) groups.
By actively monitoring leak sites and scraping victim details upon release, researchers found that Lockbit dominated with 62 attacks in July. This marks a ten-fold increase from the previous month and more than double the combined attacks of the second and third most active groups. Authors caution that Lockbit 3.0 remains the most formidable ransomware group, urging organizations to stay vigilant.
The second and third most active groups, Hiveleaks with 27 attacks and BlackBasta with 24 attacks, have experienced significant surges since June – a 440 percent rise for Hiveleaks and a 50 percent increase for BlackBasta. The connection between the resurgence in ransomware attacks and the ascent of these groups might be closely intertwined.
Reasons Behind the Ransomware Resurgence
In July, NCC Group’s researchers identified 198 successful ransomware campaigns, indicating a 47 percent increase from June. While this surge is notable, it still falls short of the peak seen in March and April when there were nearly 300 campaigns each month.
The Fluctuation Explained
May saw heightened U.S. government efforts against Russian cybercrime, offering up to $15 million for valuable information on Conti, then the leading ransomware gang globally. The report’s authors speculate that threat actors were undergoing structural changes, leading to increased compromises as they settled into new modes of operation.
Hiveleaks and BlackBasta emerged from this restructuring. Associated with Conti, Hiveleaks operates as an affiliate, while BlackBasta serves as a replacement strain. The authors note that Conti’s presence has quickly reappeared in the threat landscape under new identities.
With Conti now divided, the authors predict that these figures may further rise in August as the threat landscape evolves.
Reference: NCC Group Monthly Threat Pulse – July 2022 | Reward Offers for Information to Bring Conti Ransomware Variant Co-Conspirators to Justice
Notice: EntreBase Trust & Safety; Threat Advisory information is monitored daily and continuously updated, maintained, and populated by industry-leading Vulnerability and Threat Intelligence sources containing over 12,000 records for vulnerabilities in Email Security, Website Security, WordPress plugins, themes, and core. The database is actively maintained by a team of highly credentialed and industry-leading vulnerability researchers and analysts with dozens of vulnerabilities added per week.
Did you find this article helpful? Please share below and let us know via LinkedIn or Twitter as we would love to hear from you.