According to data collected by NCC Group and published with his Threat Pulse of September, last month saw a record increase in ransomware attacks. Specifically, we are talking about an increase in cases equal to 153%.
The most active groups, specifically, seem to have been:
- LostTrust
- RansomedVC
- LockBit
- clop
When it comes to campaign objectives, North America once again tops the list with 258 attacks (an increase in 3%). In second place is Europe (with an increase of 2%) with 155 cases, while Asia is in third place with 47 attacks (increase in8%).
From a sector perspective, this is of some concern healthcareby virtue of an increase in 15% of cases compared to August. Also bearing in mind the delicate nature of this area, this is a worrying percentage to say the least.
Even higher are the percentages relating to companies that deal with cyclical consumer goods (increase of 21%) and above all of companies in industrial contextwith an increase in cases equal to 40%.
Not just RansomedVC: the universe of ransomware is increasingly vast and dangerous
Of particular concern is RansomedVCthe latest gang to join the most famous and feared ransomware groups in the world.
According to NCC Group “RansomedVC’s innovative approach increases pressure on victims to meet ransom demands. Financial incentives for paying the ransom have increased, as GDPR allows fines of up to 4% of the victim’s annual global turnover“.
The group hit the headlines due to its attack on Sonywhich took place last September 24th, which caused quite a stir among users and professionals.
Focusing on just one ransomware group, however, would be a serious mistake. For Matt Hull, global head of Threat Intelligence at NCC Group “These groups, including LostTrust, Cactus, and RansomedVC, are notable for their approach: adapting existing ransomware techniques and introducing their own variations to increase pressure on victims. We have seen a growing number of groups using the double extortion model ransomware as a strategy, leveraging it as a successful method used by more established threat actors. New threat actors are also increasingly embracing the Ransomware as a Service model, diversifying their businesses and creating ‘unique selling points’“.
Hull also believes we will see other new groups explore these same methods to increase pressure on victims to comply with ransom demands.
