Critical infrastructure organizations the target of more than half of ransomware attacks

Critical infrastructure organizations accounted for 51 percent of ransomware victims in 2022, with construction being the most targeted sector overall.

Analysis by the KrakenLabs team at Outpost24 has identified 2,363 victims disclosed by various ransomware groups on Data Leak Sites (DLS) in 2022, with an estimated $450 million paid in ransom by victims.

Existing groups like LockBit, BlackCat, Hive, and Karakurt have demonstrated exponential growth and have surpassed previous records despite the disappearance of some prominent threat groups such as CONTI and the old REvil. The ransomware group known as LockBit exhibited a significantly higher level of activity compared to other groups, being responsible for 34 percent of all recorded attacks in 2022.

Of the 101 different countries that registered victims, 42 percent of them are from the United States. The UK comes second on the list followed by Canada, Germany, and France. In fact, 28 percent of victims are from Europe.

Alejandro Villanueva, threat intel analyst at Outpost24, says, "The recent clampdown of Hive, following REvil, is a positive sign for all however organizations must ensure they keep their guards up against this constant evolving threat by prioritizing cyber hygiene through regular vulnerability assessment, security testing and combining detection with threat intelligence to surface risk signals that can help prevent infection."

The report also reveals occasions on which the ransomware groups themselves came under DDoS. In week 35 of 2022 the LockBit group claimed that it was being attacked as a consequence of leaking stolen data from Entrust, a cybersecurity company that it had attacked previously.

You can get the full report from the Outpost24 site.

Photo Credit: LeoWolfert/Shutterstock