According to NCC Group’s Global Threat Intelligence team, the ransomware threat scene continues to evolve following the disbanding of Conti, as ransomware attacks rose from 135 in June to 198 in July, representing a 47% increase. The escalation in ransomware attacks comes amidst the rise of several new threat actors, with newcomer Lockbit 3.0 taking the top spot, followed closely by Conti-associated threat actors Hiveleaks and BlackBasta, which are settling into a new way of operating.
This month, North Korea-backed APT group Lazarus claims the spotlight following a number of financial cybercrimes carried out earlier this year to aid the North Korean state, including cryptocurrency thefts and suspected ransomware adoption. These include the $600 million cryptocurrency heist on Axie Infinity and the $100 million crypto heist on Harmony’s Horizon Bridge.
Sector trends remained consistent in July: Industrials was again the most targeted sector, making up a third (32%) of ransomware attacks, followed by Consumer Cyclicals (17%) and Technology (14%).
From a regional perspective, North America claimed the spot for most targeted region (42%), overtaking Europe (40%) for the first time in 2 months. The last time we saw North America as a top target was back in May.
As we moved into July, the phasing out of Lockbit 2.0 and the transition to the new variant Lockbit 3.0 appeared to be complete, as Lockbit 3.0 moved into pole position as the top ransomware variant this month with 52 incidents.
Meanwhile, the rise in prominence of Hiveleaks (27 victims) and BlackBasta (24 victims) may represent a possible regrouping of former Conti members as new, smaller factions.
Lazarus have also continued to make ripples in the cyber threat landscape following their $100 million crypto heist on Harmony’s Horizon Bridge in late June.
In response to this activity, the US has offered $10 million to any individual who can provide valuable intelligence on any of the operators within Lazarus Group, as North Korea evidently sees the advantages of using crypto-theft and possible ransomware operations in pursuit of financial security.