Ransomware attacks spike almost 53% in March, says NCC Group

Ransomware attacks increased 53% compared with February, representing continued growth since the start of the year.

The number of victims of ransomware attacks increased by 53% in March to 283, as compared to February’s 185, according to NCC Group’s strategic intelligence team. This represents a 38% growth in attacks from the same period last year (March 2021: 204 incidents).

The Group’s monthly Threat Pulse also suggests the increase in attacks represents a move out of a lull in attacks witnessed in December and January.

In addition, after North America and Europe suffered an equal number of attacks in February, March represents a return to normalcy, with North America once again reporting the most attacks (44%). Europe returns to its position as the second most targeted region, at 38% of attacks, demonstrating the dominant threat facing organisations across the two continents.

The most targeted sectors in March were once again industrials, making up 34% of attacks, followed by consumer cyclicals, which made up 21% of attacks. This growth in attack activity indicates a clear trend in targeting by sector.

There continues to be a pattern of fluctuating increases in other sectors, as observed over the past 6 months. The basic materials sector, for example, experienced a 25% decrease in February followed by a 66% increase this March.

Key threat players remained consistent in March, with Lockbit 2.0 and Conti responsible for a substantial 59% of the total number of incidents reported.

Lockbit 2.0 remains the most notable player, accounting for 96 of the 283 attacks identified. As in February, Industrials remains Lockbit 2.0’s dominant target, with 34% of its attacks being within this sector.

Conti remains the second largest player with 71 attacks. However, the third largest threat actor was Hive, replacing BlackCat (the third largest player in February). Hive accounted for 26 incidents in March – slightly more than BlackCat’s 23.

Spotlight on Lapsus$ Group

First appearing publicly in December 2021, Lapsus$ has gained notoriety over the last four months, thanks to multiple successful breaches of large enterprises, and remained active in March.

Lapsus$ does not use encryption methods within its operations, meaning it is not classified as a traditional ransomware group. Rather, Lapsus$ should be considered an extortion group, employing a ‘hack and leak’ approach to target the confidentiality of victims’ data.

The group relies on social media platforms to operate, using Telegram to announce its victims, and posting recruitment messages on Reddit.

Matt Hull, global lead for strategic threat intelligence at NCC Group, said: “We can see that ransomware attacks are continuing to spike as the year progresses, showing just how critical it is for organisations to have the appropriate security measures in place to protect themselves. Those working within industrials should be especially vigilant, given how trends show this sector continues to be the most frequently targeted.”

“It’s also interesting to see North America return to its position as the most targeted victim of double extortion ransomware attacks – a ‘return to normalcy’ of sorts, as the region had been on equal footing with Europe for attacks last month. By tracking these patterns, both by sector and regionally, we can monitor the organisations that are potentially at increased risk and should therefore prepare and defend against possible attacks.”

“Though not the most active player, the continued growth in attacks from Lapsus$ goes to show the ever-evolving nature of the threat landscape, and the high-profile nature of its victims reiterates how organisations of all sizes are at risk within it.”
