Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

The weekly ransomware report, Friday, 16 February

Attacks skyrocket and LockBit continues to be public enemy number one when it comes to ransomware impact.

user icon David Hollingworth
Fri, 16 Feb 2024
The weekly ransomware report, Friday, 16 February
expand image

So much for the numbers being steady – this week, ransomware attacks around the globe jumped up by 29 per cent from last week’s 68 attacks to 119 for the week ending on 16 February.

This spike comes from a huge surge in activity from ransomware-as-a-service gang LockBit. In the last seven days, LockBit was responsible for practically a third of all attacks, claiming 39 victims.

Hunters International stormed into the top five and made it all the way to second spot, with 14 attacks of its own. For a group that’s only been active since the beginning of October 2023, Hunters is making quite an impact – it’s been responsible for 53 attacks in total since that time, largely against targets in the US.

============
============

ALPHV scored 10, Play targeted nine, and BackBasta was responsible for seven attacks. Apart from Play, pretty much every group was more active this week.

The 30-day trend continues to climb upward, too. There were a total of 399 ransomware incidents in the last 30 days, a 72 per cent climb from the previous period – not a great outcome. The three-month window is still trending down, with 24 per cent less than the last three months.

The US remains far and away the juiciest target, with 55 US entities falling victim to ransomware attacks – 20 more than last week. Unsurprisingly, pretty much every country in the top five saw more attacks. Seven UK companies became ransomware victims, followed by Canada, France, and newcomer Italy with six attacks each.

Last month, the lowest figure in the top five was just two. Austria, Canada, and France all tied with that figure.

Only one Australian organisation was observed this week, health supplement brand Kadac Australia. Medusa was the threat actor responsible and is demanding a US$100,000 ransom.

Building and construction remains the most targeted industry, though the number of groups targeting construction rose by only one, to nine this week. Again, all the other sectors targeted saw marked increases in entities struck, but the numbers aren’t quite so dramatic, suggesting that attacks this week were more spread out in terms of industries.

Healthcare and manufacturing come next, with seven and six organisations targeted, respectively. Education and IT services bump up considerably into the top 10, however, with five attacks each.

If it were just LockBit going off this week, we might expect this week’s uptick to be a bubble – but every ransomware gang was more active this week, which is a worrying prospect. There’s been a general feeling that attacks are trending downward over the last few months, and the possible hope for a light at the end of the tunnel.

I doubt there’s any such thing.

Just the numbers

There were 119 attacks in the last seven days, up 29 per cent from last week.

Threat actors

LockBit – 39 ransomware attacks, 33 per cent of total
Hunters International – 14
APLHV – 10
Play – 9
Black Basta – 7

Countries impacted

USA – 55 organisations targeted
UK – 7
Canada – 6
France – 6
Italy – 6

Industries

Building and construction – 9
Healthcare – 7
Manufacturing – 6
Education – 5
IT services – 5

A total of 4,131 ransomware findings so far this year and 57 threat groups tracked.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.