{"id":88587,"date":"2023-03-28T04:00:00","date_gmt":"2023-03-28T04:00:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=88587"},"modified":"2023-03-28T04:00:00","modified_gmt":"2023-03-28T04:00:00","slug":"ransomware-attacks-up-45-in-february-lockbit-responsible","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=88587","title":{"rendered":"Ransomware attacks up 45% in February, LockBit responsible"},"content":{"rendered":"<div><img decoding=\"async\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/03\/ransomware-attacks-up-45-in-february-lockbit-responsible.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>After a month-on-month decline during the first few weeks of 2023, the number of <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/ransomware\">ransomware<\/a> attacks tracked in the wild soared by 45% in February, largely driven by an increase in LockBit activity, according to proprietary data published today by <a href=\"https:\/\/newsroom.nccgroup.com\/\">NCC Group<\/a>.<\/p>\n<p>NCC\u2019s Global Threat Intelligence Team recorded 240 ransomware attacks in February, the biggest volume its researchers have ever recorded during this period.<\/p>\n<p>Of these, LockBit accounted for 129 (54%), NCC said, up from 50 attacks \u2013 <a href=\"https:\/\/www.computerweekly.com\/news\/365531853\/Royal-Mail-stands-firm-as-LockBit-leaks-data-and-renews-ransom-demand\">including the hit on Royal Mail<\/a> \u2013 in January. LockBit was a \u201cdriving force\u201d behind attacks on the consumer non-cyclicals, industrials and consumer cyclicals sectors.<\/p>\n<p>\u201cIn February, we observed a surge in ransomware activity, as expected when coming out of the typically quieter January period,\u201d said NCC global head of threat intelligence Matt Hull.<\/p>\n<p>\u201cHowever, the volume of ransomware attacks in January and February is the highest we have ever monitored for this period of the year. 
It is an indication of how the threat landscape is evolving and threat actors show no signs of reducing ransomware activities.<\/p>\n<p>\u201cLooking at the most prevalent threat actors, Lockbit 3.0 looks set to carry on where it left off in 2022, and is already leading the way as 2023\u2019s most prevalent threat actor by some margin,\u201d he said. \u201cBlackCat also remains consistent, whilst the ever-sporadic BianLian returned to the top three.\u201d<\/p>\n<p>The NCC team attributed 31 attacks (13% of the total) to <a href=\"https:\/\/www.computerweekly.com\/news\/252525240\/ALPHV-BlackCat-ransomware-family-becoming-more-dangerous\">BlackCat<\/a>, and 20 (8%) to BianLian, a relatively new ransomware operation \u2013 first emerging in July of 2022 \u2013 that is proving highly effective.<\/p>\n<p>The actors behind it are highly skilled and demonstrate exceptional operational security, and as such have really hit their stride in the past few months.<\/p>\n<p>Following <a href=\"https:\/\/decoded.avast.io\/threatresearch\/decrypted-bianlian-ransomware\/\">the release of a decryption tool for BianLian<\/a> the gang has more recently shifted focus to concentrate less on encryption with ransomware, and <a href=\"https:\/\/redacted.com\/blog\/bianlian-ransomware-gang-continues-to-evolve\/\">more on straight-up data theft and extortion<\/a>.<\/p>\n<p>NCC additionally found North America remains the target of approximately 50% of global ransomware activity, with Europe accounting for 23% of victims and Asia 15%. 
The most targeted sectors remain industrials and consumer cyclicals, accounting for 33% and 15% of victims respectively, while consumer non-cyclicals (utilities, healthcare and other consumer staples) accounted for 8% of victims in February, largely as a result of LockBit activity.<\/p>\n<p>Meanwhile, the Hive ransomware operation was taken down at the end of January <a href=\"https:\/\/www.computerweekly.com\/news\/252529648\/Hive-ransomware-gang-taken-down-after-FBI-hacks-back\">in a coordinated international operation<\/a> led by the FBI, which hacked into Hive\u2019s infrastructure in July 2022, stole its decryption keys, and handed them over to victims. Gang members were also sanctioned by US and UK authorities.<\/p>\n<p>Although the operation against Hive was clearly successful to the extent that its operational capabilities were disrupted, NCC\u2019s threat team assesses that, as its members are likely protected by the Russian state, they will almost certainly continue operating under a different guise.<\/p>\n<p>\u201cIt will be interesting to see how the takedown of Hive by the US Department of Justice plays out,\u201d said Hull. \u201cWhile this means their digital operations have been taken down, it\u2019s unlikely Hive\u2019s members will disappear completely. Our threat intelligence team will continue to keep a close eye on how this impacts the threat landscape.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>After a month-on-month decline during the first few weeks of 2023, the number of ransomware attacks tracked in the wild soared by 45% in February, largely driven by an increase in LockBit activity, according to proprietary data published today by NCC Group. 
NCC\u2019s Global Threat Intelligence Team recorded 240 ransomware attacks in February, the biggest [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":88588,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-88587","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88587","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=88587"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88587\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/88588"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=88587"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=88587"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=88587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}