Surge In Global Ransomware Attacks As LockBit Returns

LockBit 3.0 resurfaces as leading threat actor.

clock • 3 min read
Surge In Global Ransomware Attacks As LockBit Returns

Global ransomware attacks saw a significant increase in May, with incidents rising by 32 percent month-on-month from 356 to 470 and by 8 percent year-on-year from 435 to 470, according to UK cybersecurity firm NCC Group's latest monthly Threat Pulse report.

In a notable development within the ransomware landscape, LockBit 3.0 has resurfaced as the leading threat actor. Previously dormant following a takedown, LockBit 3.0 accounted for 37 percent of all attacks in May, a staggering 665 percent month-on-month increase from 176 attacks. Play, which held the top position previously, was relegated to second place with 32 attacks (7 percent), while RansomHub maintained third position with 22 attacks (5 percent), a 19 percent decrease from the previous month.

New threat actors have also emerged in the top 10 for May, according to the report. DAn0N, initially observed in April, ranked eighth with 13 attacks (3 percent) and favors the double extortion method. Underground, also favoring double extortion, ranked ninth with 12 attacks (3 percent). Arcus Media, a newly established ransomware operator, entered the top 10 in tenth place with 11 attacks (>3 percent), notable for its unique, non-repurposed malware.

Matt Hull, global head of threat intelligence at NCC Group says: "Following the takedown of LockBit 3.0 earlier this year, speculation has swirled around whether the group would simply dissolve, as we've seen with other threat groups like Hive.

"However, the current surge in victim numbers suggests a different story. It's possible that amidst law enforcement action, LockBit not only retained its most skilled affiliates but also attracted new ones, signaling their determination to persist. Alternatively, the group might be inflating their numbers to conceal the true state of their organization."

Regional Shifts In Ransomware Targets

North America and Europe remained the primary targets, accounting for 77 percent of all attacks. However, North America's proportion of global attacks decreased from 58 percent to 49 percent, despite an 11 percent increase in absolute numbers. Europe experienced a 65 percent increase in attacks.

Significant increases were also observed in other regions. South America saw its share of global attacks rise from 5 percent to 8 percent month-on-month, a 60 percent increase. Africa's share grew from 3 percent to 8 percent, marking a 167 percent increase. These regions may be serving as "proving grounds" for new malware and attack methodologies, NCC believes.

Sector-Specific Attack Trends

Industrials remained the most targeted sector since January 2021, with 143 attacks (30 percent) in May, up from 116 in April. Despite a 32 percent increase in attacks, its proportional share dropped slightly from 31percent to 30 percent highlighting the sector's persistent vulnerability to ransomware.

The technology sector saw a substantial 47 percent increase in attacks, rising from 49 to 72 month-on-month. This increase is attributed to the high value of data and intellectual property, substantial financial resources, and the prevalence of data and connected devices in tech companies.

Conversely, the consumer cyclicals sector experienced a slight decrease, with attacks dropping from 62 in April to 59 in May.

The overall rise of 114 ransomware attacks compared to April underscores an increasingly volatile cyber threat landscape.

The coming months will be critical in determining whether LockBit can maintain its current level of activity.

This article was originally published on our sister site, Computing. 

You may also like
Malicious Python Packages Found Exfiltrating User Data To Telegram Bot

Security

Appears to be part of a wider operation by crime gang based in Iraq, say Checkmarx researchers

clock 07-16-2024 • 2 min read
Remote Access Firm TeamViewer Hit By Russian Intelligence Cyberattack

Security

The intrusion was restricted to internal systems, the company said.

clock 07-01-2024 • 2 min read
Biden Administration Bans Kaspersky Software Over Security Concerns

Security

Commerce secretary Gina Raimondo highlighted threats to critical infrastructure, while Kaspersky plans legal action.

clock 06-21-2024 • 3 min read

More on Security

Malicious Python Packages Found Exfiltrating User Data To Telegram Bot

Malicious Python Packages Found Exfiltrating User Data To Telegram Bot

Appears to be part of a wider operation by crime gang based in Iraq, say Checkmarx researchers

John Leonard
clock 07-16-2024 • 2 min read
Mammoth Microsoft Patch Tuesday Fixes Four Zero-Days, Five Critical Bugs

Mammoth Microsoft Patch Tuesday Fixes Four Zero-Days, Five Critical Bugs

142 holes plugged this month

John Leonard
clock 07-12-2024 • 3 min read
Remote Access Firm TeamViewer Hit By Russian Intelligence Cyberattack

Remote Access Firm TeamViewer Hit By Russian Intelligence Cyberattack

The intrusion was restricted to internal systems, the company said.

clock 07-01-2024 • 2 min read