TMCnet News

Ransomware Attacks Rise 45% in February, as LockBit Ramps Up Activity: NCC Group February 2023 Monthly Threat Pulse
[March 28, 2023]

• February saw 240 ransomware attacks, a 45% increase over January
• LockBit 3.0 most active threat actor with 129 ransomware attacks (54%), more than double its January activity
• Industrials (33%), and Consumer Cyclicals (15%) most targeted sectors, while Consumer Non-Cyclicals (8%) third for the first time
• Regional data shows North America (47%) target of almost half of ransomware attacks, followed by Europe (23%), and Asia (15%)

Analysis from NCC Group’s Global Threat Intelligence team has revealed there were 240 ransomware attacks in February, a 45% increase from January.



The volume of activity is the highest recorded by NCC Group for this period, up 30% over February 2022 (185), and 2021 (185). The considerable rise highlights the growing threat of ransomware attacks, as the threat landscape continues to evolve.

Threat actors

LockBit 3.0 drove the majority of February’s ransomware activity, with 129 ransomware attacks (54%). It marks a 150% spike in the group’s activity compared to January (50 victims), including an attack on UK mail delivery service, Royal Mail. The group was a driving force behind a rise in attacks on the Consumer Non-Cyclicals (12 victims) sector, while Industrials (43) and Consumer Cyclicals (20) were its most targeted.


BlackCat (13%) were the second most active threat actor, followed by relatively new threat actor, BianLian (8%), with 20 victims. Despite this sharp spike in activity, their level of attacks in February is still less than it was in December 2022, indicative of BianLian’s usual pattern of activity, whereby it has peaks and troughs throughout the year.

Regions

North America (47%) was the target of almost half of February’s activity, with 113 victims. Europe (23%), and Asia (15%) followed, with 56 and 35 attacks respectively.

Sectors

While Industrials (33%) and Consumer Cyclicals (15%) remained the most targeted sectors, LockBit’s targeting of Consumer Non-Cyclicals (8%) - companies such as utilities, healthcare and other consumer staples - escalated it to the top three for the first time, with 20 incidents. This represents a 150% increase in victims in this sector since January.

Spotlight: Is this the end of threat actor Hive?

This month, threat actor Hive claims the spotlight after the US Department of Justice reported in January 2023 that the FBI had infiltrated Hive’s network and seized their infrastructure in a coordinated international effort.

The infiltration began in July 2022, and the seized infrastructure included Hive’s leak site and various servers located in Los Angeles.

In addition to the takedown, US and UK authorities sanctioned seven alleged members of the group, all believed to be Russian nationals. Although these operations have been taken down, it's widely reported that Russian cybercriminals are protected by the state, implying that while Hive have lost their digital assets, its members will likely continue operating under a different guise.

Matt Hull, global head of Threat Intelligence at NCC Group, said: “In February we observed a surge in ransomware activity, as expected when coming out of the typically quieter January period. However, the volume of ransomware attacks in January and February is the highest we have ever monitored for this period of the year. It is an indication of how the threat landscape is evolving and threat actors show no signs of reducing ransomware activities.
