Ransomware Attacks Reach Record Levels

This post is also available in: עברית (Hebrew)

This September marks a never-before-seen level of ransomware attacks, with 514 victims exposed in leak sites and new threat actors emerging, as revealed by a report from NCC Group. The report states that the most targeted sectors are industrials, consumer cyclicals, and technology.

This achievement is partly due to the emergence of new threat actors, as some of the new threat actors already rank in the top five most active groups.

NCC’s Threat Pulse report claims that the recently formed threat actor LostTrust ranked as the second most active group, responsible for 10% of all attacks, and RansomedVC (another new group) placed fourth with 9% of attacks. LostTrust is known for its double extortion methods and is believed to have formed in March 2023, though it was “discovered” only in September.

According to Cybernews, the most active ransomware group during the tested period was the infamous Lockbit gang, while the widely successful Cl0p ransomware gang (responsible for the MOVEit attacks) was linked to only three attacks in September.

Unchanged from previous research, North America continues to be at the center of cybercriminals’ attention, with 258 attacks in September. Europe is still the second most targeted region with 155 attacks, followed by Asia in third place with 47.

Global Head of Threat Intelligence at NCC Group Matt Hull explained: “After the drop in ransomware attacks in August, the surge in attacks during September was somewhat anticipated for this time of year. However, what stands out is the volume of these attacks and the emergence of new threat actors who have been major drivers of this activity.”

Cybernews explains that threat actors are increasingly relying on the Ransomware as a Service (RaaS) model while diversifying their activities and finding new ways to pressure victims into paying ransom.