The United States remained the country most affected, accounting for 38.9% of all victims of ransomware attacks. Compared to the first quarter of 2022, the number of victims in this country increased by 35.6%. The United States is likely to remain the most targeted country in the coming quarters as it is considered the most profitable region for ransomware groups.
Germany is second (an increase of 66.7% compared to the first quarter of 2022), followed by the United Kingdom (an increase of 16.2%), Italy (an increase of 6.7%), Canada (an increase of 50 %) and France (an increase of 26.1%). .
The LockBit ransomware group set a new record in the second quarter of 2022 with the release of an enhanced version of its ransomware as a service under the slogan “Make Ransomware Great Again!” This is shown by the quarterly Digital Shadows analysis titled “Ransomware back in Business”.
The threat intelligence provider monitors over 88 different data leakage sites (DLS) that threaten to release ransomware data daily. In the period from April to June, analysts counted a total of 705 companies and organizations listed there, 21% more than in the previous quarter. If this upward trend continues in the coming months, 2022 could become a new record year for ransomware.
Focus on critical infrastructure
Attackers target particularly critical sectors and infrastructures (KRITIS). The tech sector saw a 118% increase in attacks. Healthcare more than doubled the number of attacks (137%) compared to the previous quarter. And government agencies overall faced 56% more attacks. However, there has also been no respite in other sectors in the last three months: 18% of the manufacturing and services sector is still among the sectors most often attacked by ransomware. It is followed by the technology sector (9%), construction (8%), health care (6%) and public authorities (6%).
Germany comes second on the list of countries
As in previous quarters, ransomware attacks in Q2 2022 were mostly concentrated in countries where companies usually succumb to extortion attempts and pay heavy ransom for their data. The leader here is definitely the USA with 274 hits. Germany ranked 2nd on the list of countries with 50 ransomware attacks for the first time in the last quarter – an increase of 67% compared to the first quarter. Domestic companies seem to be increasingly becoming a lucrative target. In fact, the number of unreported cases is likely to be even higher as the numbers only cover DLS ransomware victims.
LockBit sets a new ransomware record
The increase in ransomware attacks is due to an overall higher level of activity by criminal groups. The attackers around Alphv (+ 118%) and Vice Society (+ 100%) were extremely active. However, LockBit remains the leader, with an overwhelming lead at the top of the list of the most successful, and therefore the most dangerous, ransomware entities. In Q2 2022, the group saw more than three times more casualties than any other initiative and set a new record of 231 successful attacks. LockBit is responsible for the third (33%) of all ransomware cases observed by Digital Shadows on DLS. The total death toll is steadily approaching 1,000.
“Make ransomware great again!”
The LockBit success story is likely to continue in the current quarter with the release of LockBit 3.0 in June. In addition to enhanced features, the new version of ransomware-as-a-service even offers attackers its own bug bounty. Users who report errors on the site, identify vulnerabilities in the encryption software, or find personally identifiable information, can expect a reward of $ 1,000 or more. Creative ideas and relevant information are also welcome and receive a bonus – at least as announced.
In parallel to LockBit 3.0, the group unveiled a new dark web data leak page – with new services for the affected companies. In the future, it will also be possible to pay the ransom in the form of the Zcash cryptocurrency. In addition, ransomware victims have two options: pay immediately for the destruction of stolen data or extend the payment period by 24 hours. The professionalization of ransomware has thus taken a new level of absurdity.
To Conti: the king is dead, long live the king
However, some good news also surfaced in recent months: in May, the Conti gang announced that they would stop all activities. The reason for the end is unknown, but most likely related to an internal leak in April. Anonymous source posted byover 60,000 chats that provide deep insight into techniques, tactics, and procedures (TTP) and the Conti organization. The group is one of the most successful players in the ransomware space since mid-2020. In the second quarter, Digital Shadows recorded more than 50 casualties on Conti.News, which placed the ransomware gang in second place after LockBit for over a year. However, potential successors are already in the starting blocks – including newbies like Black Basta, Mindware, Cheers, RansomHouse, Industrial Spy, Yanluowang, Onyx, NOKOYAWA, and DarkAngels.