October 24, 2023 at 10:18AM
Ransomware activity in September reached unprecedented levels, with ransomware groups launching 514 attacks, surpassing the previous record set in March. Notable threat groups include LockBit 3.0, LostTrust, and BlackCat. LostTrust, believed to be a rebrand of MetaEncryptor, quickly rose to second place. North America was the most targeted region, and the most affected sectors were industrials, consumer cyclicals, technology, and healthcare. The total number of recorded attacks through September 2023 is around 3,500, and it is expected to reach close to 4,000 by year-end. Despite law enforcement efforts, ransomware remains a persistent and evolving threat.
Key Takeaways from the Meeting Notes:
1. Ransomware activity in September reached unprecedented levels, surpassing March 2023 activity.
2. Clop had no activity in September, indicating they may be preparing for a significant attack.
3. LockBit 3.0, LostTrust, and BlackCat were the top threat groups in terms of attacks.
4. LostTrust is a new threat actor that quickly rose to second place, believed to be a rebrand of MetaEncryptor with significant code overlaps.
5. RansomedVC, a newcomer in extortion attacks, claimed 44 attacks, but some were later found to be exaggerated.
6. Approximately one out of five attacks in September came from a new ransomware operation, underlining the aggressiveness and scalability of such operations.
7. North America was the most targeted region (50%), followed by Europe (30%) and Asia (9%).
8. The most targeted sectors were ‘industrials’ (construction, engineering, commercial services), ‘consumer cyclicals’ (retail, media, hotels), technology (software and IT services, networking, telecommunications), and healthcare.
9. NCC Group recorded nearly 3,500 attacks from January to September 2023, with projections of close to 4,000 by year-end.
10. Chainalysis predicted 2023 to be a record-breaking year for ransomware payments based on projected data.
11. Despite law enforcement efforts, ransomware continues to evolve with improved access methods, tactics, and payloads.