According to a new report into ransomware across the second quarter of 2022, it would appear that far from being on the decline, ransomware really is back in business. Dangerous new gangs have emerged to take over from busted criminal groups and account for a worrying surge in successful ransomware attacks.
The newly published Digital Shadows Q2 Ransomware Report analyzed threat actor activity on ransomware data-leakage sites and channels among other things. Ivan Righi, a senior threat intelligence analyst at Digital Shadows, found the second quarter of 2022 to have been both significant and highly active as far as ransomware gangs are concerned. This was terrible news for at least 705 organizations because that’s the number that were actually compromised.
Conti kiboshed, dangerous new players enter the ransomware arena
In sharp contrast to the first quarter of the year, which saw a decline in successful ransomware activity, quarter two revealed a rise of 21%. This despite some of the most notorious criminal organizations, such as Conti, for example, eventually ceasing operations. Successful Conti ransomware incidents were unsurprisingly, therefore, down by 37.4% from the previous quarter.
“Dangerous new gangs emerged,” Righi says, with ransomware actors continuing to “develop and evolve their tactics.” Indeed, Digital Shadows has seen evidence of new tools being used for both initial access and attack continuation.
The LockBit threat actors have proved to be the successor to Conti in many ways, not least already overtaking that group in the total numbers of victims: Conti had shy of 900 over its lifetime, and LockBit is not far off 1,000 already. Regarding the quarterly report, LockBit was by far the most active, being involved in some 33% of all the successful ransomware attacks listed on those data-leak channels. Of the 705 victims referenced in this analysis, LockBit accounted for the compromise of 231 of them.
With the release of LockBit 3.0, the criminal group announced a bug bounty program offering cash rewards for exploits related to high-value targets and pay-outs starting at $1,000. The good news is that it appears there haven’t been many takers. Righi spotted threads on a Russian language cybercrime forum where the bounties on offer were dismissed as being too low, and doubt was expressed if anyone would actually get paid anyway.
Ransomware attacks by country and sector
By sector, industrial goods and services was the most targeted, with twice the number of attacks compared to technology in second place. By country, the U.S. was far and away the most targeted nation, with the numbers of victims accounting for a whopping 38.9% of the total. While Germany in second place and the United Kingdom in third saw the numbers of attacks increasing, the victim numbers for each were but a fraction of the U.S. totals.
What should you and your organization take away from this report? The answer is that now is certainly not the time to drop your guard against ransomware threats.
What this means, in practical terms, is getting the basics of security hygiene right: monitor and patch all the things, get on top of multi-factor account authentication, employ network segmentation and make sure employees know what threats to look out for in their day to day online interactions.