
New ransomware groups spur attack growth to record levels

Ransomware attacks are occurring at record levels, with September marking the highest number of ransomware attacks ever recorded. But it’s not the big player ransomware gangs that are driving the growth.

Daniel Croft
Thu, 26 Oct 2023

According to a report by the NCC Group released this month, September saw a 153 per cent year-on-year increase in ransomware attacks, with a total of 514 victims having their data posted on leak sites.

Prior to this, July 2023 held the record at 502 attacks, while August saw a dip in ransomware attacks.

The jump in ransomware attacks is not being attributed to the big-name ransomware syndicates like ALPHV and Clop, but rather the new kids on the block.


While the prolific LockBit 3.0 still topped the podium as the most active ransomware group, second on the ladder was LostTrust, a group that formed in March this year but remained largely obscure until September, when it was responsible for 53 ransomware attacks, roughly 10 per cent of the month's total.

Observing the VenariX threat feed, Cyber Daily found that LostTrust conducted 49 ransomware attacks on 27 September alone; however, different threat feeds often show different results, so it’s hard to give an accurate number.

The group was closely followed by Ransomed.vc in the fourth spot, which conducted 44 attacks, making up 9 per cent (as per NCC Group). The group gained mass media coverage after it launched an attack on Japanese electronics giant Sony on 24 September.

In comparison, major ransomware syndicate Clop conducted a mere three ransomware attacks.

NCC Group global head of threat intelligence Matt Hull said the growth in September was expected, but the level it reached was a surprise.

“After the drop in ransomware attacks in August, the surge in attacks during September was somewhat anticipated for this time of year,” he said.

“However, what stands out is the volume of these attacks and the emergence of new threat actors who have been major drivers of this activity.”

Like the well-known groups, these newer groups adopt existing ransomware techniques such as the double-extortion model, in which threat actors both steal and encrypt data to put further pressure on victims to pay a ransom.

Hull added that while these groups’ methods mimic those of the larger syndicates, they are also diversifying, which shows how the bar for entry into the cyber crime world is getting lower and lower.

“New threat actors are … increasingly embracing ransomware-as-a-service (RaaS) model, whilst diversifying their activities and creating ‘unique selling points’,” he said.

“The influx of new groups is evidence of the evolving nature of global ransomware attacks. There’s a focus on ramping up pressure on victims, a tactic successfully employed by the likes of RansomedVC, as we saw with its attack on Sony last month.

“It’s likely that we’ll see other new groups explore these methods of increasing pressure on victims to comply with other variations of RaaS in the coming months.”

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
