Record ransomware levels recorded in September, according to NCC Group
A record number of ransomware attacks were detected in September by cybersecurity firm NCC Group, marking a 153 per cent rise since 2022.
The Manchester-based firm’s Threat Pulse survey showed there were 514 victims’ details released on dark web leak sites last month.
It breaks the record set in July 2023, which had previously held the top spot with 502 attacks, according to the company.
Recently formed threat actor LostTrust ranked as the second most active group, responsible for 53 (10 per cent) of all attacks, with another new group – RansomedVC – in fourth place with 44 (9 per cent) attacks.
LostTrust is believed to have formed in March this year, with activity now coming to light in September. The group has adopted similar methods of double extortion used widely by more established threat actors.
Well-established threat actors remained active in September, with Lockbit retaining its August top spot. With new threat actors emerging and following the decrease of its activity in August, Clop was only responsible for three ransomware attacks in September.
In line with previous months’ trends, North America continued to be the most targeted region for ransomware attacks, with 258 attacks in September. Europe remained the second most targeted region with 155 attacks, followed by Asia in third place with 47.
However, September saw the targeting of North America and Europe increase by 3 per cent and 2 per cent respectively, whilst attacks in Asia decreased by 6 per cent from August. This indicates a growing focus from threat actors on targeting Western regions.
In September, industrial firms continued to experience the highest volume of attacks 40 per cent (19), followed by consumer cyclicals with 21 per cent (10) and healthcare 15 per cent (7). The theft of Personally Identifiable Information (PII) and Intellectual Property (IP) remain attractive motivators for threat actors in the industrial sector.
The healthcare sector experienced a significant increase in ransomware attacks. It witnessed 18 attacks, marking an 86 per cent month-on-month increase from August. However, the increase is in line with trends in earlier months this year, suggesting that the dip in August was an anomaly to the overall trend. Healthcare continues to be an attractive target for threat actors because of the financial impact that a ransomware attack on companies in the pharmaceutical industry can have.
Matt Hull, global head of threat intelligence at NCC Group, said: “After the drop in ransomware attacks in August, the surge in attacks during September was somewhat anticipated for this time of year. However, what stands out is the volume of these attacks and the emergence of new threat actors who have been major drivers of this activity.”