In September, there was an unprecedented surge in ransomware activity, which came after a period of reduced activity in August, although the August levels were still higher than usual for summer months. According to data from NCC Group, there were 514 ransomware attacks in September, surpassing the activity in March 2023 when there were 459 attacks. March 2023 was notable for the data theft attacks by the Clop ransomware group.
Interestingly, Clop, which was highly active in March, had almost no activity in September. This might suggest that this sophisticated ransomware group is preparing for a major upcoming attack.
However, other threat groups contributed to the record levels of ransomware activity in September. LockBit 3.0 led with 79 attacks, followed by LostTrust with 53 attacks, and BlackCat with 47 attacks. LostTrust, a newcomer, quickly rose to second place in the list of threat actors. It is believed to be a rebranded version of MetaEncryptor due to significant code similarities. LostTrust has already encrypted the networks of many organizations, leading to data leaks in some cases.
RansomedVC, a new player in extortion attacks using GDPR reporting threats, ranked fourth in NCC’s list with 44 attacks. However, it’s worth noting that some of the attacks attributed to RansomedVC were later found to be exaggerated. This indicates that around one in five ransomware attacks in September were carried out by new ransomware operations, underscoring their aggressiveness and scalability.
Regarding the regions targeted, North America had the highest share with 50%, followed by Europe with 30%, and Asia with 9%. The most targeted sectors included industrials (such as construction and engineering) with 169 attacks, consumer cyclicals (including retail and media) with 94 attacks, technology (covering software, IT services, networking, and telecommunications) with 52 attacks, and healthcare with 38 attacks.
In terms of the overall trend, NCC’s report indicates that from January 2023 to September 2023, there have been nearly 3,500 recorded ransomware attacks. It is anticipated that this number will approach 4,000 by the end of the year. Another report by Chainalysis earlier in the year also predicted that 2023 would be a record-breaking year for ransomware payments based on projected data.
Despite the ongoing efforts of law enforcement to combat the issue, ransomware continues to be a constantly evolving threat, with attackers employing increasingly sophisticated methods and tactics to gain initial access and deliver malicious payloads to organizations.