Ransomware boom hits record high

esteria.white

Reported incidents of ransomware attacks reached an all-time high in September, with more threat actors joining the criminal fray in double-extortion operations against a mix of organizations.

This slight increase represents a 153% year-over-year increase in ransomware attacks, according to the NCC Group (PDF). Researchers tracked 514 attacks in September, surpassing July’s total of 502. The increase in reported incidents represents a 76% increase in the number of double-extortion ransomware attacks, where adversaries exfiltrate sensitive data, encrypt it on assets controlled by the victim, and ultimately release the data publicly on illicit online forums.

New gangs emerge, an old one remains silent

The geographic targeting of September’s attacks followed a similar pattern to previous months: North American organizations were the most popular target, attracting 50% of attacks, followed by Europe with 30% and Asia with 9%.

The most prolific attacker in September was LockBit 3.0 (which led 79 attacks), followed by newcomer LostTrust (53 attacks), BlackCat (47), and another newcomer, RansomedVC (44).

The Cl0p cybergang, suspected of being responsible for a wave of MOVEit attacks earlier this year, was notably absent from the September list.

“Cl0p is typically among at least the top 3 threat actors in terms of activity during the month. However, as we mentioned in August’s Threat Pulse, Cl0p kept a significantly lower profile with only three kills that month and has now completely disappeared from our dataset in September,” NCC Group said.

RansomedVC makes a great first impression

New in September is a criminal group called RansomedVC (also known as ransomed(.)vc or Ransomed). The ransomware group emerged in August and is credited with a series of attacks, including a recent breach of Sony systems, the District of Columbia Board of Elections, and claims to have compromised Colonial Pipeline – an allegation that the company denies.

“Ransomed also added a slight variation to its extortion method by stating that any vulnerabilities found in its targets’ networks would be reported under the European General Data Protection Regulation (GDPR),” the NCC researchers said.

European organizations face hefty fines for data breaches and may also be required to pay compensation to affected individuals. NCC said RansomedVC’s GDPR threats were an attempt to put additional pressure on its victims to pay its ransom demands.

Two other recently discovered threat groups that NCC observed ramping up their ransomware activities in September were Cactus and Trigona.

Cactus was first identified around March and was known to target high-profile commercial entities by exploiting known vulnerabilities in VPN devices to gain initial access, researchers said.

Trigona appears to have been around since at least June 2022 and tended to target compromised Microsoft SQL servers using brute force methods.
