Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

The weekly ransomware report, Friday, 8 March

LockBit finally has a competitor, and numbers drop overall – plus China gets hacked!

user icon David Hollingworth
Fri, 08 Mar 2024
The weekly ransomware report, Friday, 8 March
expand image

The LockBit gang continues to post victims, suggesting that its infrastructure may be up and running after its apparent takedown by a coalition of law enforcement agencies.

But it’s not sharing the top spot alone – the Medusa ransomware gang racked up 13 very unlucky victims in the past seven days, tying with LockBit. Between them, the two ransomware operators chalked up 38 per cent of all attacks.

The Stormous gang made a new appearance in the top five, with seven attacks, while Akira and 8Base were responsible for five and four incidents, respectively.

============
============

Thankfully, overall numbers are down this week. Sixty-seven ransomware incidents were observed by FalconFeeds.io this week. We should also mention that a ransomware gang we were previously looking at, criminal start-up Mogilevich, has outed itself as a scam operation. It managed to trick several would-be hackers into signing up as an affiliate, milking them out of their money for the privilege.

Absolutely no honour among thieves, it seems.

The 30-day trend, though, which had been trending down for some weeks, has started to tick back up again – there were 22 per cent more attacks in the last 30 days. However, the longer three-month view is catching up where previous 30-day trends had been and is now heading downwards. The last three months saw 24 per cent fewer attacks than the previous reporting period.

One Australian firm found itself being touted on a darknet leak seat in the last week. Physical security firm Global Zone was listed 8Base’s leak site. We don’t have a lot of details about this hack; we have reached out to the company for comment.

The US is still the most attacked country globally, with 32 US entities falling victim to ransomware. While attacks were down overall, Canadian and German organisations had a sharp increase, with seven and six attacks, respectively.

But the big news is that three Chinese organisations have been hit by ransomware, bringing it into the top 10 for the first time in months. So much for that Great Firewall of China joke last week! LockBit, ALPHV, and a newcomer to this report, Mallox, each targeted a Chinese entity this month. Macau-based kitchenware tech company EWIG, Hong Kong-based clothing maker High Fashion, and communications tech outfit Sunwave were the victims.

Manufacturing takes a well-earned break from being the most targeted sector this week, though it does still come second, with five manufacturers becoming ransomware victims. Sadly, that’s only because IT services suffered the same number of attacks. However, as an illustration of just how evenly spread the numbers are this week, that figure of seven attacks only makes up 7 per cent of the total.

Legal firms, construction companies, and retailers make up the rest of the top five most targeted industries this month, with four attacks apiece.

Just the numbers

Sixty-seven attacks in the last seven days, down 37 per cent from last week.

Top 5 threat actors

Medusa – 13 attacks, 19 per cent of total
LockBit – 13
Stormous – 7
Akira – 5
8Base – 4

Countries impacted

USA – 32 organisations targeted
Canada – 7
Germany – 6
China – 3
Belgium – 2

Industries

IT services – 5, which is 7 per cent of total
Manufacturing – 5
Law firms – 4
Construction – 4
Retail – 4

A total of 4,397 ransomware findings so far this year, and 61 threat groups tracked in the last year.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.