Global ransomware activity picks up again after a brief Q1 decline

Researchers attribute the rise to a marked increase in the activity of a select few productive ransomware operations



Global ransomware attacks are on the rise again after a remarkable first quarter of the year in which the number of detections fell.

Cybersecurity researchers have observed a 21.1% increase in ransomware attacks compared to the first quarter of 2022, driven by a massive increase in activity from three of the more productive active operations.

The AlphV group increased activity by 117.9% during the second quarter of this year, including a recent hack on Bandai Namco, while Palermo hackers Vice Society also claimed more victims, representing a 100% increase, Digital Shadows said in a report.


LockBit was the most active operation, accounting for 32.77% of all successful ransomware attacks during the quarter, although this represented only a 13.8% increase from its Q1 activity.

These ransomware operations accounted for a significant portion of the total number of confirmed attacks, the researchers said, after some operations notably shut down over the same period, such as Conti in May, which saw activity down 37.4% from Q1 numbers.

The same researchers previously revealed that ransomware attacks dropped significantly, by 25%, in Q1 2022 – a remarkable finding as ransomware activity rarely declines.

Researchers determined the number of claimed attacks by using the leak sites of each known ransomware operation. Digital Shadows said LockBit claimed 231 victims out of 705 in the quarter, a record for most victims in a quarter.

LockBit drew attention this year for more than just the number of successful attacks. It also released the third version of its ransomware program, LockBit 3.0, earlier this month, and researchers said the code was very similar to that of BlackMatter, the group that succeeded Colonial Pipeline hackers DarkSide.

At the same time, it also announced the first known bug bounty hosted by a ransomware operation. The group invited all security experts to find flaws in the payload and offered a maximum reward of $1 million.

LockBit was also at the center of a successful PR stunt in June after it claimed to have successfully attacked cybersecurity firm Mandiant.

It followed reports that the US-sanctioned Evil Corp had started using LockBit’s ransomware program in attacks earlier this year. This was significant because it showed that Evil Corp was trying to evade US sanctions by using a different ransomware from a different operation.

By sanctioning Evil Corp, the US effectively banned any US company from doing business with the group, and it also meant that outside cybersecurity experts could not legally facilitate a ransom payment between the victim and Evil Corp.

If Evil Corp were to use LockBit, it could threaten the LockBit operation’s ability to generate payments via ransom, as it is associated with a sanctioned entity.

The public relations stunt involving the apparent hack on one of the world’s largest cybersecurity firms was intended to draw attention to LockBit.

When the group’s timer expired, which usually marks the point at which it leaks a victim’s data as part of the double extortion model, LockBit did not release Mandiant’s data. Instead, it released several files along with a note explaining that it was not affiliated with Evil Corp.

The US still a prime target

Organizations in the US were the most attacked this quarter, according to the researchers. More than 270 US organizations were attacked in the second quarter, compared to fewer than 60 in Germany, the next most attacked country.

Researchers said the US is likely to remain one of the most targeted countries as it is seen as the most profitable nation for cybercriminals.

According to the report, most countries saw an increase in attacks on their organizations. The UK was the third most attacked country with a 16.2% increase in successful attacks, although Germany and Canada saw the biggest increases, of 66.7% and 50% respectively.

Researchers said they expect Q3 and Q4 numbers to rise steadily compared to Q2, but not dramatically.

© Dennis Publishing
