NCC Cybersecurity Study: Notorious Lazarus Group Returns to Crypto, Ransomware Prominence

1. The ransomware threat scene continues to evolve following the disbanding of Conti, as ransomware attacks rose from 135 in June to 198 in July, representing a 47% increase.
2. The escalation in ransomware attacks comes amid the rise of several new threat actors, with newcomer Lockbit 3.0 taking the top spot followed closely by Conti-associated threat actors Hiveleaks and BlackBasta.
3. North Korea-backed APT Lazarus Group returns to prominence, following several multi-million-dollar cryptocurrency-focused attacks earlier this year.
4. Industrials remain the most targeted sector, as it made up a third (32%) of ransomware attacks, followed by Consumer Cyclicals (17%), and Technology (14%).
5. North America claims the spot for most targeted region (42%), overtaking Europe (40%) for the first time in 2 months. The last time we saw North America as a top target was back in May.
6. Lockbit 3.0 moves into pole position as the top ransomware variant this month with 52 incidents. The rise in prominence from Hiveleaks (27 victims), and BlackBasta (24 victims) may represent a possible regrouping of former Conti members as new, smaller factions.
7. Lazarus Group claims the spotlight following a number of financial cyber crimes to aid the North Korean state earlier this year, including cryptocurrency thefts and suspected ransomware adoption. These include the $600 Million Cryptocurrency Heist on Axie Infinity, and the $100 Million Crypto Heist on Harmony’s Horizon Bridge.
8. The U.S. is offering $10 million to any individual who can provide valuable intelligence on any of the operators within Lazarus Group.

“Following two major cryptocurrency heists, Lazarus Group seems to be improving their crypto-theft and ransomware operations, so it is more important than ever to monitor their activity closely. Cryptocurrency organizations in the U.S., Japan and South Korea should remain on high alert."