BlackFog, a global cyber security firm, has published a report on global ransomware that indicates August was the second-highest month of all time for cyber ransom-driven attacks.
The report states:
“In August, we recorded 39 ransomware attacks, the second highest month we’ve ever recorded. Healthcare organizations were hit hard this month with 10 different incidents recorded, including an attack on the UK’s NHS as well as an attack on a French hospital which resulted in a massive $10,000,000 ransom demand. Education, government and utilities also seemed to be high on the target list for cybercriminals. South Staffordshire Water’s ransomware incident gained a lot of news coverage when Clop misidentified their organization for another larger water supplier. Yanluowang Group (part of Lapsus$) made headlines when it infiltrated Cisco’s corporate network, publishing 3,100 files of data on the dark web.”
The United States is the most frequent target jurisdiction, with the top “exfiltration” countries being a mishmash of locations (or ROW – the Rest of the World), followed by China (25%) and then Russia (19%). None of this should come as a surprise.
Attacks tend to focus on entities with antiquated infrastructure: think public services or education.
Remote Desktop Protocol (RDP) is the top path for bad actors, followed by email phishing scams.
For the bad guys, the payout averaged $228,125 – an 8% increase versus the first quarter of 2022. Who says crime doesn’t pay?
Dr. Darren Williams, CEO and Founder, BlackFog, issued the following statement on ransomware activity:
“August represents the second biggest month of ransomware attacks since we began recording ransomware attacks back in 2020. We continue to see increased attack rates in sectors with low levels of protection and aging infrastructure such as Education and Government, with increases of 15% and 20% respectively. This month we also saw dramatic increases in Healthcare and Services sectors of 33% and 35% respectively as attackers look to broaden their targets. Lockbit continued its dominance along with Conti at 14% and 16.5% respectively. The top 4 variants now contribute to 50% of all new attacks. Lastly, this month we also saw that attacks leveraging the PowerShell for the first time hit 80%, a new record.”
And what about crypto as a means for collecting on the schemes? Unfortunately, the report does not provide an exact number, but it is probably pretty high.