- Ransomware attack activity jumped 26% from August to September, hitting 202 victims and reaching a number of cases not observed since May, according to NCC Group’s Monthly Threat Pulse report. Last year still holds the lead for monthly highs.
- The jump in ransomware was partly accelerated by a summer spree of attacks initiated by the LockBit ransomware group, which was responsible for more than half of all attacks tracked by NCC Group’s threat intelligence team in September. The prolific threat actor first appeared in September 2019 and is now on version 3.0 of its ransomware strain and payloads.
- While month-to-month ransomware activity ebbs and flows, the sectors most heavily targeted and hit by attacks have held steady, according to NCC Group. The industrials sector — including construction, manufacturing, distribution and engineering products, among others — was the most-targeted industry in September with 57 incidents and accounting for more than one-quarter of attacks. Attacks on industrials doubled the next most-hit target, consumer cyclicals.
Ransomware activity remains tumultuous with the number of monthly incidents tracked by NCC Group dipping as low as 121 in January 2022 and up to 288 three months later.
So far this year, the monthly high for ransomware attacks is below last year’s highs. Threat researchers tracked 314 attacks in October 2021, and the monthly high for 2022 thus far stands at 288.
The number of ransomware attacks remained tumultuous in 2022
While ransomware activity goes up and down month to month, LockBit’s heightened level of activity has been relatively consistent.
NCC Group pinned 105 ransomware attacks to LockBit during September 2022, making it the largest monthly increase in total victims for the group since January. LockBit was responsible for almost 90 attacks in September 2021.
The ransomware group has claimed responsibility for more than 12,000 attacks on its leak site, including the June 18 attack on cybersecurity vendor Entrust. Broadcom’s threat hunting team at Symantec observed LockBit affiliates infiltrating on-premises servers during the summer to spread malware on targeted networks.
The opportunistic and sometimes short-lived nature of specific ransomware threats was further evidenced by the mid-September emergence of Sparta, a new threat actor that successfully compromised 12 victims in one day, according to NCC Group.
“Against a backdrop of continuous change for threat actor groups, ransomware attacks are once again on the rise,” Matt Hull, global head of threat intelligence at NCC Group, said in a statement.