Conti and LockBit troubled the United States the most, although Russia‘s war in Ukraine might reshuffle the top of the most prolific gangs in the US.
Threat actors can‘t get enough of US-based businesses, research by cybersecurity firm NordLocker revealed. A staggering 46% of all ransomware attacks impact businesses operating from the US.
Researchers looked at 5,000 companies worldwide whose combined revenue stands at $4.15 trillion, higher than the entire GDP of Germany. Almost half of the affected operate from the US.
Interestingly, researchers claim that the construction industry was the most affected by ransomware attacks, with 12% of all attacks affecting businesses in the industry.
The reason threat actors target construction may be linked to the devastating effect downtime can have on businesses in the sector, Tomas Smalakys, NordLocker’s CTO, claims.
“The thin profit margins construction contractors have to deal with make any prolonged halt to operations significantly more expensive than in more profitable industries because, for them, disposable income is much scarcer,” Smalakys told Cybernews.
He explained that construction companies suffer the most because reputation is essential as clients often decide whether to pick a contractor based on their ability to deliver products on time.
“It might also be argued that because construction is a ‘legacy’ industry, many companies, especially smaller ones, might not be up to date with the evolving cybersecurity landscape and don’t have the knowledge and tools to identify and deal with inbound threats,” Smalakys said.
According to the research, the second most affected industry was manufacturing (9.6%), followed by transportation (8.2%), healthcare (7.8%), and tech/IT (7.6%).
"The result is that the ransomware market size has remained relatively the same but has become less centralized among a few key players,"Tomas Smalakys, NordLocker’s CTO, said.
Remnants of the past
Proclaimed dead this May, the notorious ransomware group Conti still leads the list of the most notorious cybergangs this year. NordLocker‘s research shows that the gang was responsible for 17.6% of all attacks. LockBit ranked second (11.9%), with Pysa (6.8%), REvil (6.5%), and Maze (6.5%) trailing behind.
However, Conti and Revil have undergone drastic changes this year and are unlikely to remain on the top. Even with the two of the most prolific gangs gone, the overall threat landscape is unlikely to change.
“The members of these gangs have already migrated or are in the process of migrating to other, smaller ransomware operations. The result is that the ransomware market size has remained relatively the same but has become less centralized among a few key players,” Smalakys said.
Experts have predicted that Russia’s war in Ukraine might affect the ransomware market as many gangs operate from Russia. For example, Conti’s demise could be linked to a leak from a disgruntled insider after the gang openly aligned with Russia.
After the demise of Conti and REvil, the power vacuum was quickly filled by LockBit and BlackCat gangs, which rose to prominence in the first half of this year.
“Both groups most likely originate from Russia. However, it is important to note that their emergence may only correlate with the war in Ukraine and not necessarily be its direct consequence,” Smalakys said.
NordLocker’s research showed that threat actors targeted micro and small businesses in the US most often, with 65.8% of attacks targeted at companies with fewer than 200 employees.
“Small businesses are top targets for ransomware gangs because, for them, cybersecurity is often an afterthought. Smaller companies justifiably prioritize growing their operation, leaving cybersecurity on the sidelines,“ Smalakys said.
Only 15.6% of attacks targeted organizations with 201-500 employees. Meanwhile, businesses with 51-200 employees were the victims of 28.9% of attacks, and those with between 201-500 dealt with 15.6% of attacks.
Researchers have also found that the amount of attention states receive from cybercriminals differs. Michigan is the most affected by ransomware, while Missouri is the least.
More from Cybernews:
Subscribe to our newsletter