A cyber platform has brought out its latest monthly ‘State of Ransomware’ report. Darren Williams, CEO and Founder of Blackfog says: “The momentum from January continues with an all time record for February, with a total of 57 reported attacks, an increase of 43pc from 2023. Unreported attacks were also up, with a 63pc increase over 2023. While we expected to see some stabilization in the unreported to reported ratio this month we saw it increase to 644pc, nearly double that of last month. This indicates that many organizations are still not complying with the new SEC incident disclosure rules.
“February also saw a high volume of attacks on the government, manufacturing and healthcare sectors with increases of 150pc, 114pc and 113pc respectively. Education sector remained the leading sector with a 43pc increase this month. LockBit continues as the dominant ransomware variant with 27.2pc of reported and 32.5pc of unreported attacks followed by BlackCat. We also saw a new variant “Hunters”, a derivative of Hive, enter the charts in fourth place in unreported attacks and expect to see this evolve in the coming months. Hunters International purchased the assets of Hive after the takedown in 2023.
“Finally, data exfiltration is now involved in 91pc of all attacks. As the primary goal of all attacks, data exfiltration ensures that attackers can threaten and sell victims data for years to come, regardless of whether payments are made or not. Once data loss has occurred there is no way to put the genie back in the bottle. This month we also see China and Russia dominate as the leading destinations for exfiltrated data with 18pc and 8pc respectively.”
For the firm’s State of Ransomware February report, visit: https://www.blackfog.com/the-state-of-ransomware-2024/#February.
The UK’s National Crime Agency (NCA) recently announced that it has been conducting a months-long campaign with international partners to disrupt the threat posed by the LockBit ransomware operation. Last year, the UK official National Cyber Security Centre (NCSC) warned that LockBit presented the highest ransomware threat to businesses in the UK and that it was almost certainly the most deployed ransomware strain globally. For more on ransomware visit the NCSC website.
Comment
Dave Adamson, CTO at the managed service provider, Espria, believes that small and medium sized businesses (SMBs) should not get complacent with security, as they are appealing targets for ransomware attacks. He says: “Ransomware attackers are doing their homework, learning and understanding the value of specific, often smaller organisations, and tailoring their attacks to take advantage of available revenues. Simply asking for turnovers per day, with the threat that operations could be locked down for the equivalent of a week’s worth of revenue, is enough to get SMBs to pay up in the hope their attackers will move on.
“It is important to emphasise that the vast majority of attacks we observe are purely financially motivated. Where small business owners assume the value is in larger organisations, cyber attackers are more interested in a reliable pay-out, which is easier to achieve from weaker targets. By exploiting potential misconfigurations in cloud services or platforms, cyber actors expose sensitive data, compromise applications and disrupt operations.
“Whilst we live in a world with increasing automation, cybercriminals are going the opposite way. Often now it’s a human operative on the other end that’s attacking, rather than automated. This presents a bigger problem for security, as humans are blessed with the ability to adapt and problem-solve more effectively. But let’s not forget, they have the same access to AI tools that we do.”
