Note: this Recorded Future Ransomware Tracker is updated on the second Sunday of each month to stay current. The number of victims posted on ransomware extortion sites increased in May, with ransomware gangs publicly claiming more than 400 attacks in a month for the second time this year.
The uptick was fueled in large part by the Russia-linked LockBit ransomware group, which posted 74 victims to its extortion site in May. The group has become far and away the most active ransomware gang, with nearly 1,720 cyberattacks attributed to it in recent years.[1]
Recent LockBit victims include a major dental insurance provider that leaked data on nearly 9 million people across the US, a water utility in Portugal, and the UK's Royal Mail, which faced "severe service disruption." "LockBit is basically the last RaaS [ransomware as a service] group standing, so they are attracting all of the affiliates that have left other groups which means we will continue to see large numbers of LockBit attacks," said a ransomware expert at Recorded Future who is involved in tracking attacks. "[That is] until law enforcement finally takes them down," he added.
In total, there were 414 victims posted to ransomware sites in May, compared to 344 the previous month, according to data collected by Recorded Future from extortion sites, government agencies, news reports, hacking forums, and other sources. May had the second-highest number of victims on record, just shy of the 437 victims recorded in March.
2023_0609 - Ransomware Tracker - Most Prolific Ransomware Groups.jpg
2023_0609 - Ransomware Tracker - Reported Ransomware Attacks on Healthcare Providers.jpg
2023_0609 - Ransomware Tracker - Reported Ransomware Attacks on State and Local Governments.jpg
2023_0609 - Ransomware Tracker - Reported Ransomware Attacks on School Districts.jpg
2023_0609 - Ransomware Tracker - Potential Schools Impacted.jpg
Graphs from this ongoing project can be shared and reproduced with proper attribution.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://therecord.media/ransomware-tracker-the-latest-figures/
Comments