Ransomware attacks reached record levels in September


Ransomware attacks reached never-before-seen levels this September, with 514 victims exposed in leak sites and new threat actors emerging, a report from NCC Group reveals.

September marked a 153% year-on-year increase in ransomware victims. The previous top spot belonged to July 2023 with 502 large attacks, but September broke the record with 514 victim details released in leak sites.

The emergence of new threat actors is partly responsible for this achievement, as new threat actors already rank in the top five most active groups.

ADVERTISEMENT

“Recently formed threat actor LostTrust ranked as the second most active group, responsible for 53 (10%) of all attacks, with another new group – RansomedVC – in fourth place with 44 (9%) attacks,” NCC’s Threat Pulse report reads.

LostTrust, known for double extortion methods, is believed to have formed in March this year, with its activity coming to light in September.

Once again, the infamous Lockbit gang was the most active ransomware gang during the period. However, the Cl0p ransomware gang, responsible for the MOVEit attacks, was linked to only three attacks in September.

“Well-established threat actors remained active in September,” researchers said.

Industrials, consumer cyclicals, and technology were the most targeted sectors by ransomware gangs. The healthcare sector was also on the rise, marking an 86% increase from August.

North America continues to be at the center of cybercriminals' attention, with 258 attacks in September. Europe remained the second most targeted region with 155 attacks, followed by Asia in third place with 47.

“After the drop in ransomware attacks in August, the surge in attacks during September was somewhat anticipated for this time of year. However, what stands out is the volume of these attacks and the emergence of new threat actors who have been major drivers of this activity,” Matt Hull, Global Head of Threat Intelligence at NCC Group, said.

New threat actors are increasingly relying on the Ransomware as a Service (RaaS) model while diversifying their activities and finding new ways to pressure victims into paying ransoms.

ADVERTISEMENT

To understand the activity of ransomware groups, you can also check Ransomlooker, which monitors sites and delivers a consolidated feed on potential threats.