Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

The weekly ransomware report, Friday, 1 March

LockBit returns like nothing ever happened, as the number of incidents jumps by 25 per cent.

user icon David Hollingworth
Fri, 01 Mar 2024
The weekly ransomware report, Friday, 1 March
expand image

It was simply too good to last.

Within days of its darknet leak site being dramatically seized by an international coalition of law enforcement agencies, LockBit returns and is back at the top in terms of ransomware incidents this month.

This week, LockBit was responsible for a total of 12 ransomware incidents, though that figure is a little – well, it’s rather dodgy. This includes victims that were posted to its now-seized infrastructure pre-takedown but have been reposted on the new site. It also includes some victims who have since been taken down from the site again.

============
============

There are some apparently new victims, but one current line of thinking is that LockBit’s simply posting historical data – it’s not claimed any new victims. We’re counting LockBit as is for completeness’ sake this week, but be aware the numbers are a bit flexible in this instance. It remains to be seen whether LockBit can get back up to its previous high tempo of attacks, and we hope they don’t manage it.

Regardless, that figure of 12 victims makes up 16 per cent of the total incidents observed over the last seven days – 75 attacks all told, up by a quarter from last week’s total of 51.

ALPHV and Black Basta were responsible for six attacks apiece, followed by 8Base on five and Medusa up to four. Black Basta was the only top-five gang to see its numbers drop – everyone else was far more active this week.

Looking further back, the 30-day trend is continuing upwards, while the three-month line continues to trend down.

We’re also now tracking 59 groups, up one. The newcomer this week appears to be RansomHub, which only really emerged in the last week of February, with three victims claimed. We’ll take a closer look at this new operation next week.

It should surprise no one that the US remains target number one, at least in terms of disclosed attacks. Forty-two American entities fell victim to ransomware in the last seven days. Canada is in second but way behind (thankfully for the Canadians!) with just four attacks.

While we can’t see any other country overtaking the US any time soon, the rest of the top five figures are all so close in the number of attacks – all in the low to mid-single figures – that it’s quite a volatile situation. Only a few attacks either way could see a country hit number two, or a few less see it drop out of the top five altogether.

There was one Australian victim in the last seven days – retail software vendor GaP Solutions. The company fell victim to LockBit on 29 February, but the gang has not made any claims about the amount of data or what kind it might have, which is rare for LockBit. It’s possible the attack was not a severe one, and we’re investigating LockBit’s claim ourselves.

The manufacturing sector saw 12 organisations hit by ransomware attacks, making up 12 per cent of all observed incidents. Healthcare is next with eight attacks, and with gangs like ALPHV now actively encouraging its affiliates to target hospitals, we’re expecting the sector will get hit a bit harder than usual.

The transportation, construction, and legal sectors round out the top five, with four attacks each.

Just the numbers

Seventy-five attacks in the last seven days, up 25 per cent from last week.

Threat actors

LockBit – 12, which is 16 per cent of the total
ALPHV – 6
Black Basta – 6
8BASE – 5
Medusa – 4

Countries impacted

USA – 42 organisations targeted
Canada – 4
Netherlands – 3
UK – 3
Italy – 2

Industries

Manufacturing – 9, which is 12 per cent of the total
Healthcare – 8 (rise of gangs now actively targeting)
Transportation – 4
Construction – 4
Law firms – 4

A total of 4,314 ransomware findings so far this year, and 59 threat groups tracked.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.