A new edition of NCC Group’s Monthly Threat Pulse report showed that the number of ransomware attacks are on the rise. The report details that ransomware attacks grew by a staggering 53% in February alone, a number that may increase even more with the passing of the Strengthening American Cybersecurity Act in March.
“With ransomware attacks increasing–as would be expected after the seasonal reduction in January–it is vital that organizations continue to ensure they apply appropriate security measures,” said Matt Hull, cyber threat intelligence manager at NCC Group. “This is especially important for the Industrials sector, which continues to be the most frequent victim of ransomware.”
Who is being affected by ransomware attacks?
The monthly report profiles the industries most affected by these attacks, with industrials ranging from aerospace and defense to construction and engineering being attacked at the highest rate.
The three most targeted sectors by percentage in the month of February were:
- Industrials (35.68%)
- Consumer cyclicals (21.62%)
- Technology (8.11%)
When breaking down the number of attacks by region, it was found that North America was targeted most, with each region tying for 42% of the attacks in the month of February. Asia saw the third-most attacks in the world during this stretch, making up 10% of the most affected areas.
“It’s interesting to see a regional trend emerging in Europe and North America, with both regions seeing the same number of victims of double extortion ransomware attacks,” Hull said. “By continuing to closely monitor if this pattern persists, we will be able to determine what this means for the wider European threat landscape.”
Interestingly enough, NCC Group found that the rate of cyberattacks has increased after winter holidays, as 2021 saw the percentage of attacks jump from January to February at a clip of 55%. It is theorized that these malicious actors are ‘returning to work’ after the holidays much like businesses and those within the workforce.
SEE: Google Chrome: Security and UI tips you need to know (TechRepublic Premium)
The most active hacking groups
The three busiest cyber threat groups in the month of February by percentage of attacks were:
- Lockbit 2.0 (42%)
- Conti (18%)
- BlackCat (11%)
When breaking down the attacks by specific groups, it was surmised that hacking collective Lockbit 2.0 was tagged in the report as the most active and most likely to target companies in the industrial sector, accounting for nearly 31% of attacks during this period. One specific area Lockbit 2.0 had been directing their hacking attempts towards was the realm of Professional and Commercial Services, which accounted for 37.5%.
Conti was also one of the most active collectives, and much like Lockbit 2.0, primarily targeted industrial enterprises. NCC Group has theorized that Conti is not choosing companies specifically, but rather opportunistically picking off vulnerable enterprises that can be exploited. NCC Group also says that organizations in the industrials or consumer cyclicals sectors should secure their systems immediately and assume they may be Conti’s next targets.
“The disruption in Conti activities comes as a welcome change, but with clients continuing to come under new attacks, it is clear that this ransomware variant is still very much in use,” Hull said. “Our Strategic Threat Intelligence team continues to keep an eye on the use of Conti, and as always will provide updates to our customers to help them manage the risk to their organizations.”
BlackCat was also one of the busiest in the month of February. BlackCat made up the third-largest contributor of attacks during the period, being credited with stealing data from a pair of German oil companies on February 1 and the Swissport ransomware attack just three days later. NCC Group stated in the report that it expects BlackCat to remain within the top-three most active malicious organizations for March, having already been highlighted in a report from Cisco Talos last month.