Content, Content, Ransomware

Lockbit 2.0, Conti Dominate Ransomware Attack Activity

Cybercrime, piracy and data theft. Network security breach. Compromised computer showing skull and bones symbol. Digital 3D rendering concept.

The number of victims of ransomware attacks in North America and Europe numbered 283 in March, 2022, a 53 percent spike from the prior month’s 185 incidents and a 38 percent rise from the same period last year, the U.K.-based NCC Group said in its monthly Threat Pulse report.

The sudden climb follows a relative lull in activity in January, 2022 and December, 2021, according to the cybersecurity consultant’s data. For March, 2022, North America reported 44 percent of all attacks, leading Europe, which accounted for 38 percent of events.

Lockbit 2.0 and Conti were responsible for 59 percent of the total attacks reported in March, with the former accounting for some 96 of the 283 identified incidents. The syndicate’s favored target remained the industrial sector with 34 percent of its infiltrations aimed in that direction. Other targeted sectors include consumer cyclicals (21%) and technology (7%).

“We can see that ransomware attacks are continuing to spike as the year progresses, showing just how critical it is for organizations to have the appropriate security measures in place to protect themselves,” said Matt Hull, NCC global lead for strategic threat intelligence. “Those working within industrials should be especially vigilant, given how trends show this sector continues to be the most frequently targeted.”

In March, 2022, Conti orchestrated 71 of the attacks, with Hive accounting for 26 incidents, slightly more than BlackCat’s 23. Of late, Lapsus$, which first appeared last December and has since breached multiple large enterprises, has attracted more attention in the last four months, NCC said. Lapsus$ operates unlike traditional ransomware groups in that it does not use encryption methods. Instead it beaches a company’s defenses and threatens to leak its confidential data. As a result, it should be considered an extortion group, employing a ‘hack and leak’ approach to target the confidentiality of victims’ data, NCC said. It promotes its operations by announcing its victims on social media.

“Though not the most active player, the continued growth in attacks from Lapsus$ goes to show the ever-evolving nature of the threat landscape, and the high-profile nature of its victims reiterates how organizations of all sizes are at risk within it,” said Hull.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.