Without a doubt, Lockbit has emerged as the most active ransomware group this summer, closely followed by two subdivisions of the Conti group.
Ransomware attacks, following a brief downturn, are once again on an upward trajectory. The revival is primarily driven by established ransomware-as-a-service (RaaS) collectives, according to NCC Group.
By vigilantly observing the data leakage platforms utilized by distinct ransomware factions and collecting victim information as it becomes accessible, experts have concluded that Lockbit outpaced all other ransomware groups in July, executing 62 attacks. This number surpasses the previous month’s tally by ten and doubles the combined total of the second and third most active groups. “Lockbit 3.0 continues to dominate as the most formidable ransomware threat,” stated the researchers, “and it is crucial for all enterprises to be cognizant of its existence.”
The next most active groups are Hiveleaks, with 27 attacks, and BlackBasta, with 24 attacks. The numbers indicate a swift escalation for both groups: a colossal 440 percent increase for Hiveleaks and a significant 50 percent surge for BlackBasta since June.
The comeback of ransomware attacks may indeed be closely tied to the emergence of these two specific groups.
The Resurgence of Ransomware
The NCC Group research team recorded 198 successful ransomware attacks in July, marking a 47 percent increase from the previous month. While this surge is significant, it doesn’t reach the peak experienced earlier this year, when almost 300 such attacks were reported in both March and April.
Why the Sudden Whirlwind?
In May, the US government took assertive action against Russian cybercrime. It dangled a hefty reward of up to $15 million for valuable insights into Conti, known at that time as the most notorious ransomware group globally. The report authors hypothesized that the criminals were in the process of organizational restructuring, adjusting to new operational methods, which led to a surge in their overall hacking success rate.
The emergence of Hiveleaks and BlackBasta is an outcome of that restructuring. The report authors pointed out that both groups are linked to Conti, with Hiveleaks being a partner and BlackBasta serving as a substitute variant. Therefore, it seems that Conti’s influence has swiftly permeated back into the realm of cybersecurity threats, albeit cloaked in a fresh persona.
Given the recent division of Conti into two distinct parts, the report authors hypothesized that it wouldn’t be shocking to see a further escalation in these numbers as we step into August.