iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Ransomware attacks are occurring at record levels, with September marking the highest number of ransomware attacks ever recorded. But it’s not the big player ransomware gangs that are driving the growth.
According to a report by the NCC Group released this month, September saw a 153 per cent year-on-year increase in ransomware attacks, with a total of 514 victims having their data posted on leak sites.
Prior to this, July 2023 held the record at 502 attacks, while August saw a dip in ransomware attacks.
The jump in ransomware attacks is not being attributed to the big-name ransomware syndicates like ALPHV and Clop, but rather the new kids on the block.
While the prolific LockBit 3.0 still topped the podium for the most active ransomware group, second on the ladder was LostTrust, a group that formed in March this year but remained widely obscure until September, when it was responsible for 53 ransomware attacks, roughly 10 per cent.
Observing the VenariX threat feed, Cyber Daily found that LostTrust conducted 49 ransomware attacks on 27 September alone; however, different threat feeds often show different results, so it’s hard to give an accurate number.
The group was closely followed by Ransomed.vc in the fourth spot, which conducted 44 attacks, making up 9 per cent (as per NCC Group). The group gained mass media coverage after it launched an attack on Japanese electronics giant Sony on 24 September.
In comparison, major ransomware syndicate Clop conducted a mere three ransomware attacks.
NCC Group global head of threat intelligence Matt Hull said the growth in September was expected, but the level they reached was a surprise.
“After the drop in ransomware attacks in August, the surge in attacks during September was somewhat anticipated for this time of year,” he said.
“However, what stands out is the volume of these attacks and the emergence of new threat actors who have been major drivers of this activity.”
Like the well-known groups, these groups adopt existing ransomware techniques like the double-extortion model, which involves threat actors both stealing and encrypting data to further pressure victims to pay ransom.
Hull added that while these groups’ methods mimic the larger syndicates, they are also diversifying, showing the way in which the bar for entry into the cyber crime world is getting lower and lower.
“New threat actors are … increasingly embracing ransomware-as-a-service (RaaS) model, whilst diversifying their activities and creating ‘unique selling points’,” he said.
“The influx of new groups is evidence of the evolving nature of global ransomware attacks. There’s a focus on ramping up pressure on victims, a tactic successfully employed by the likes of RansomedVC, as we saw with its attack on Sony last month.
“It’s likely that we’ll see other new groups explore these methods of increasing pressure on victims to comply with other variations of RaaS in the coming months.”
Be the first to hear the latest developments in the cyber industry.
