New ransomware groups emerge but overall activity slows
Research from GuidePoint Security shows eight new ransomware groups have emerged in the last quarter and that there has been at least one new ransomware group each month since January 2021.
The report, from the GuidePoint Research and Intelligence Team (GRIT), tracked 27 ransomware groups and 568 publicly posted victims in the third quarter of this year and shows a slight slowdown overall of ransomware activity from the previous quarter.
Manufacturing industry has seen an 18 percent drop quarter-over-quarter in public ransomware postings, it is still the most impacted industry, tied with technology, which has seen a 20 percent increase in ransomware victims.
Lockbit continues to dominate the activity from ransomware-as-a-service groups -- it is still by far the most prolific ransomware group maintaining a 42 percent share of all publicly posted ransomware victims and targeting 48 countries in Q3. Meanwhile, Hive's activity dramatically increased with a 104 percent rise in publicly posted victims. 12.8 percent of all reported Hive victims are in healthcare, twice the rate of Lockbit with 6.4 percent health sector victims.
"For the second quarter in a row, we saw a slight slowdown in ransomware activity, although as many industries are ramping up operations for holiday seasons, we expect to see increased targeting from prolific ransomware groups such as Lockbit, Hive, Blackbasta, and others whose goal is to financially profit from the victims they claim," says Drew Schmitt, GRIT lead analyst at GuidePoint Security. "We will continue to monitor ransomware trends to provide increased awareness so that blue teams can focus their efforts on proactively improving their security postures, implementing core cybersecurity concepts, and ensuring that they are ready in case they need to respond to an event."
Ransomware attacks targeted mostly western nations in Q3. Among the top 10, only Japan and Australia are outside Europe and North America. Spain has seen a significant increase in the number of publicly posted victims compared to previous quarters, this is directly related to activity from the Sparta group which has entered the top 10 threat actors for the first time.
The full report is available from the GuidePoint site.
Photo Credit: LeoWolfert/Shutterstock