Cyber Security

GRIT Releases New Ransomware Trends Report

GuidePoint Security’s Threat Intelligence Team Shares Analysis of Ransomware Activity in Q2 2022

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced the release of GuidePoint Research and Intelligence Team’s (GRIT) quarterly ransomware report. This report is based on data obtained from publicly available resources, including threat groups themselves, and provides an accurate representation of the ransomware threat landscape. In the second quarter, GRIT tracked 30 ransomware groups and 581 publicly posted victims.

The GRIT Ransomware Quarterly Report shows a slowdown of ransomware activity in June and a focus on manufacturing and construction verticals accounting for almost 20% of claimed victims. Out of the 30 groups tracked, 23 targeted the manufacturing and construction verticals.

“We saw a decrease in ransomware activity in Q2 compared to Q1 due to Conti’s operational changes in May, a significant dropoff of known Clop victims, and the complete revamp of Lockbit in June,” said Drew Schmitt, GRIT operations lead, GuidePoint Security. “From an industry perspective, manufacturing and construction were hit hard largely due to targeting by Lockbit and Blackbasta, a new group that emerged in Q2 and maintained a high operational tempo throughout the quarter. ”

Key Highlights of the report:

  • 34% decrease in ransomware victims from Q1 to Q2
  • Manufacturing, Technology, Construction, Government, and Healthcare were the top 5 most impacted industries in Q2
  • The U.S. was the most impacted country, accounting for almost 25% of all attacks
  • The top 4 ransomware groups by number of publicly posted victims were Lockbit2, Alphv, Conti, and Blackbasta

The second quarter of 2022 also saw the update from Lockbit2 to Lockbit 3.0 (aka Lockbit Black), which is a new release from the Lockbit Ransomware as a Service (RaaS) group. This group, which claims to operate from the Netherlands with origins in former USSR nations, allows affiliates to keep 80% of the ransoms and protects their infrastructure and organization through a bug bounty program and a thorough vetting process for new affiliates. Additionally, Lockbit offers multiple purchase options for each intrusion on their leak site to either delay the release for a small fee, destroy data, or download data.

“We expect to see an uptick of Lockbit 3.0 activity and potentially other restructuring and consolidation in affiliate-based ransomware operations,” said Schmitt.

For more information or to download the report, go to: https://www.guidepointsecurity.com/resources/grit-report-april-june-2022/.

Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!

Related posts

CUJO AI Wins a Prestigious Global Infosec Award at RSA 2023

PR Newswire

KnowBe4 released highlights of the speaking sessions from KB4-CON 2024

PR Newswire

Edison Partners Leads USD $30M Investment in Field Effect

Business Wire