A new report by NCC Group sheds light on the threat landscape for the past month (July 2022). Apparently, ransomware attacks are once again on the rise, with LockBit being the most active ransomware in the wild. What else has the report revealed?
Related Story: Top 10 Malware Threats Detected in 2021
The State of Ransomware and Malware in July 2022
According to NCC Group’s Global Threat Intelligence statistics, the ransomware threat landscape continues to evolve significantly. Attacks rose from 135 in June to 198 in July, which makes a 47% increase.
“The escalation in ransomware attacks comes amidst the rise of several new threat actors, with newcomer Lockbit 3.0 taking the top spot followed closely by Conti-associated threat actors Hiveleaks and BlackBasta, that are settling into a new way of operating,” the report noted. It is noteworthy that LockBit operators just expanded their modus operandi by adding DDoS and triple extortion to their threat arsenal.
Lazarus Group has also regained its strength as it reportedly launched a number of multi-million-dollar attacks related to cryptocurrency. The prominent threat group has been targeting organizations in the cryptocurrency and blockchain industries. In their latest attacks, the hackers used trojanized cryptocurrency applications and social engineering tricks to lure employees into downloading and running malicious Windows and macOS apps.
Related Story: ClipMiner Trojan Operation Made $1.7 Million from Crypto Mining and Clipboard Hijacking
“This month’s Threat Pulse has revealed some major changes within the ransomware threat scene compared to June, as ransomware attacks are once again on the up. Since Conti disbanded, we have seen two new threat actors associated with the group, Hiveleaks and BlackBasta, take top position behind LockBit 3.0. It is likely we will only see the number of ransomware attacks from these two groups continue to increase over the next couple of months,” said Matt Hull, Global Head of Threat Intelligence at NCC Group.
Mostly Targeted Sectors and Regions
Last month, the industrial sector remained the most targeted one, making up a third of ransomware attacks with 32%, followed by Consumer Cyclicals (17%), and Technology (14%). In terms of regions, North America is the most targeted region with 42%, overtaking Europe (40%) for the first time in the last couple of months.