Ransomware attacks have increased 52.89 percent compared to January according to the latest monthly findings from NCC Group, with business users across the board being affected. Recorded incidents rose from 121 in January to 185 in February.
NCC Group, which issues regular updates on the scale of threats, has found that the business sectors most affected were industrials, (35.68 percent), consumer cyclicals (21.62 percent) and technology (8.11 percent).
In geographical terms, North America has seen similar levels of ransomware activity as Europe, with both territories being on the receiving end of 42.16 percent of the attacks respectively. Asia got off quite lightly by comparison, with just 10.27 percent.
However, universally, the most consistent threat factor currently is LockBit 2.0, which accounted for 42.2 percent of all attacks.
The stats are collated by NCC Group’s dedicated Strategic Threat Intelligence team. It's key findings revealed that the number of victims of double extortion ransomware attacks increased 52.89 percent between January and February. That’s in direct contrast to the seasonal reduction normally seen between December and January.
Related: Best cloud storage
Lockbit and Conti are major security threats
NCC Group has warned business users to expect the figures to rise as the year rolls on, particularly as attacks by threat actors are ramped up in the wake of the global pandemic.
Lockbit 2.0 continues to be a clear and present threat for business owners. It affected the industrials sector badly, accounting for 30.77 percent of all attacks during February. The January figure was even higher, at 31.7 percent.
However, other common threats include Conti, rated as the second biggest player during January. It was responsible for 17.8 percent of attacks. Not far behind was BlackCat, which during February was the third largest contributor of attacks compared to just 5 percent shown up in January. Snatch continues to be a major threat too.
The security community has been paying particular attention to Conti Group. In February the group posted a message on its blog announcing full support for the Russian government. This has since been amended to indicate that they are not allied with a government.
But, it has also been stated that they will retaliate against any targeting of Russian critical infrastructure, suggesting they are sympathetic towards the Russian government.
Matt Hull, cyber threat intelligence manager at NCC Group, said: “With ransomware attacks increasing – as would be expected after the seasonal reduction in January – it is vital that organisations continue to ensure they apply appropriate security measures. This is especially important for the Industrials sector, which continues to be the most frequent victim of ransomware.”
“It’s interesting to see a regional trend emerging in Europe and North America, with both regions seeing the same number of victims of double extortion ransomware attacks. By continuing to closely monitor if this pattern persists, we will be able to determine what this means for the wider European threat landscape.”
“The disruption in Conti activities comes as a welcome change, but with clients continuing to come under new attacks, it is clear that this ransomware variant is still very much in use. Our Strategic Threat Intelligence team continues to keep an eye on the use of Conti, and as always will provide updates to our customers to help them manage the risk to their organisations.”
Secure your business with the best data recovery software.