Recently updated LockBit 3.0 Ransomware There appears to be a substantial increase in recorded ransomware attacks in July, with incidents up 47% month-on-month, according to the latest monthly threat data. NCC Group.
LockBit’s operators released version 3.0 at the end of June under the tagline “Make Ransomware Great Again”. Its new features include additional means of monetization, where payments are now accepted in more cryptocurrencies than ever before, post-payment data recovery and even destruction. Most notably, the group is now one Bug bounty programand seems particularly interested in hearing about any bugs in its code that might enable outsiders to obtain its decryption tools.
Within weeks of its launch, Lockbit became by some margin the dominant ransomware strain seen in the wild, accounting for 52 of the 198 NCC victims recorded in July, or 26% of the total. Two other groups – associated with both of them Former Conti-Linked Affiliate – July was also very active: Hiveleaks, which hit 27 organizations; and Blackbastawhich hit 24.
“This month Threat Pulse Compared to June, the ransomware threat landscape revealed some major changes, as ransomware attacks continue to increase,” said Matt Hull, NCC Global Head of Threat Intelligence.
“Since Conti broke out, we’ve seen two new threat actors linked to the group – Hiveleaks and BlackBasta – top positions behind LockBit 3.0. It is likely that we will see the number of ransomware attacks from these two groups continue to increase over the next few months.”
Elsewhere, the North Korea-aligned Advanced Persistent Threat (APT) group Lazarus A campaign of cyber extortion continues after a $100m crypto theft Harmony Horizon Bridge In late June, and with earlier attacks A big $600m hit on Axie Infinity.
Hull notes that Lazarus’ increased activity is likely a result of North Korea’s continued shrinking economy, forcing the isolated government to lean more on crime to obtain much-needed hard currency. As previously reported, this trend has been observed by the US government Increase the prize money on offer Anyone can advise members of the Lazarus Group.
In terms of other ransomware trends, verticals under attack were consistent in July, with industrial companies being the most targeted, accounting for 32% of incidents seen by NCC. It was followed by consumer cyclicals – which includes automotive, entertainment and retail – at 17% and technology at 14%.
The NCC found North America to be the top target for ransomware attacks, with 42% of incidents during the period, reclaiming the “prestigious” number one spot from Europe after two months.
As always, it’s important to note that threat data produced by a provider is proprietary and typically reflects conditions only based on that provider’s own network telemetry or collected from its incident response team, so may not be completely accurate. Other sources of threat information are available.