Surge In Global Ransomware Attacks As LockBit Returns

LockBit 3.0 resurfaces as leading threat actor.

Surge In Global Ransomware Attacks As LockBit Returns

Global ransomware attacks saw a significant increase in May, with incidents rising by 32 percent month-on-month from 356 to 470 and by 8 percent year-on-year from 435 to 470, according to UK cybersecurity firm NCC Group's latest monthly Threat Pulse report.

In a notable development within the ransomware landscape, LockBit 3.0 has resurfaced as the leading threat actor. Previously dormant following a takedown, LockBit 3.0 accounted for 37 percent of all attacks in May, a staggering 665 percent month-on-month increase from 176 attacks. Play, which held the top position previously, was relegated to second place with 32 attacks (7 percent), while RansomHub maintained third position with 22 attacks (5 percent), a 19 percent decrease from the previous month.

New threat actors have also emerged in the top 10 for May, according to the report. DAn0N, initially observed in April, ranked eighth with 13 attacks (3 percent) and favors the double extortion method. Underground, also favoring double extortion, ranked ninth with 12 attacks (3 percent). Arcus Media, a newly established ransomware operator, entered the top 10 in tenth place with 11 attacks (>3 percent), notable for its unique, non-repurposed malware.

Matt Hull, global head of threat intelligence at NCC Group says: "Following the takedown of LockBit 3.0 earlier this year, speculation has swirled around whether the group would simply dissolve, as we've seen with other threat groups like Hive.

"However, the current surge in victim numbers suggests a different story. It's possible that amidst law enforcement action, LockBit not only retained its most skilled affiliates but also attracted new ones, signaling their determination to persist. Alternatively, the group might be inflating their numbers to conceal the true state of their organization."

Regional Shifts In Ransomware Targets

North America and Europe remained the primary targets, accounting for 77 percent of all attacks. However, North America's proportion of global attacks decreased from 58 percent to 49 percent, despite an 11 percent increase in absolute numbers. Europe experienced a 65 percent increase in attacks.

Significant increases were also observed in other regions. South America saw its share of global attacks rise from 5 percent to 8 percent month-on-month, a 60 percent increase. Africa's share grew from 3 percent to 8 percent, marking a 167 percent increase. These regions may be serving as "proving grounds" for new malware and attack methodologies, NCC believes.

Industrials remained the most targeted sector since January 2021, with 143 attacks (30 percent) in May, up from 116 in April. Despite a 32 percent increase in attacks, its proportional share dropped slightly from 31percent to 30 percent highlighting the sector's persistent vulnerability to ransomware.

The technology sector saw a substantial 47 percent increase in attacks, rising from 49 to 72 month-on-month. This increase is attributed to the high value of data and intellectual property, substantial financial resources, and the prevalence of data and connected devices in tech companies.

Conversely, the consumer cyclicals sector experienced a slight decrease, with attacks dropping from 62 in April to 59 in May.

The overall rise of 114 ransomware attacks compared to April underscores an increasingly volatile cyber threat landscape.

The coming months will be critical in determining whether LockBit can maintain its current level of activity.

This article was originally published on our sister site, Computing.