The LockBit ransomware group has claimed a significant increase in attack volume in May 2024, which would once again make it the most active ransomware gang, a new report from NCC Group shows. The LockBit ransomware operation was disrupted in February when law enforcement agencies in North America, Europe, and Asia seized 34 servers, took over the gang’s Tor-based leak site, froze its cryptocurrency wallets, and collected technical information on the group’s infrastructure.
The US government has since announced a $10 million reward for information on LockBit leaders, charges against individuals associated with the gang, including alleged LockBit mastermind Dimitry Yuryevich Khoroshev, and the extraction of over 7,000 LockBit encryption keys.
See: https://redskyalliance.org/main/search/search?q=lockbit
In February 2024, the LockBit operators launched a new leak site, claiming they could restore some of the disrupted infrastructure. They continued targeting organizations worldwide but at a much slower pace compared to pre-disruption levels.
In May 2024, there was an overall increase in ransomware attacks globally (32% up month-on-month and 8% up year-on-year). LockBit apparently once again became the most prominent ransomware group, accounting for 176 attacks, or roughly 37% of all ransomware incidents, NCC Group reports. This represents a 665% increase in attack volume. In comparison, the Play gang was the second most active ransomware group with 32 attacks, and RansomHub claimed the third position with 22 attacks.
“It’s possible that amidst law enforcement action, LockBit not only retained its most skilled affiliates but also attracted new ones, signaling their determination to persist. Alternatively, the group might be inflating their numbers to conceal the true state of their organization,” NCC Group threat intelligence head Matt Hull said.
According to NCC Group, while threat actors continued to focus on entities in North America and Europe, the number of attacks against organizations in South America and Africa increased significantly in May, likely because these regions are used to test new malware and attack methods.
In May 2024, the industrial sector was targeted the most, witnessing 143 attacks, and the technology sector came second, receiving 72 ransomware attacks.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. Our services can help detect cyber threats and vulnerabilities. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
Comments