GuidePoint Security’s Threat Intelligence Team Shares Analysis of Ransomware Activity in Q2 2022
GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced the release of GuidePoint Research and Intelligence Team’s (GRIT) quarterly ransomware report. This report is based on data obtained from publicly available resources, including threat groups themselves, and provides an accurate representation of the ransomware threat landscape. In the second quarter, GRIT tracked 30 ransomware groups and 581 publicly posted victims.
“From an industry perspective, manufacturing and construction were hit hard largely due to targeting by Lockbit and Blackbasta, a new group that emerged in Q2 and maintained a high operational tempo throughout the quarter. ”
The GRIT Ransomware Quarterly Report shows a slowdown of ransomware activity in June and a focus on manufacturing and construction verticals accounting for almost 20% of claimed victims. Out of the 30 groups tracked, 23 targeted the manufacturing and construction verticals.
ITechnology Networking News: NCTC and OpenVault Ink Preferred Partnership
“We saw a decrease in ransomware activity in Q2 compared to Q1 due to Conti’s operational changes in May, a significant dropoff of known Clop victims, and the complete revamp of Lockbit in June,” said Drew Schmitt, GRIT operations lead, GuidePoint Security. “From an industry perspective, manufacturing and construction were hit hard largely due to targeting by Lockbit and Blackbasta, a new group that emerged in Q2 and maintained a high operational tempo throughout the quarter. ”
ITechnology Networking News: New York Public Library and Celona Team to Shrink the Digital Divide by Bringing Free Internet Access
Key Highlights of the report:
- 34% decrease in ransomware victims from Q1 to Q2
- Manufacturing, Technology, Construction, Government, and Healthcare were the top 5 most impacted industries in Q2
- The U.S. was the most impacted country, accounting for almost 25% of all attacks
- The top 4 ransomware groups by number of publicly posted victims were Lockbit2, Alphv, Conti, and Blackbasta
The second quarter of 2022 also saw the update from Lockbit2 to Lockbit 3.0 (aka Lockbit Black), which is a new release from the Lockbit Ransomware as a Service (RaaS) group. This group, which claims to operate from the Netherlands with origins in former USSR nations, allows affiliates to keep 80% of the ransoms and protects their infrastructure and organization through a bug bounty program and a thorough vetting process for new affiliates. Additionally, Lockbit offers multiple purchase options for each intrusion on their leak site to either delay the release for a small fee, destroy data, or download data.
“We expect to see an uptick of Lockbit 3.0 activity and potentially other restructuring and consolidation in affiliate-based ransomware operations,” said Schmitt.
ITechnology Networking News: Edgecore to Collaborate with Telkom Indonesia, TIP, OCP, and IP Infusion to Demo Open Networking Solutions
[To share your insights with us, please write to sghosh@martechseries.com]
