A new report has been published by Guidepoint Security’s Research and Intelligence Team (GRIT) tracking ransomware activity in the third quarter of this year. Although it is still too early to say if the small decline in ransomware attacks seen in Q3 will continue, ransomware remains to be the largest cyber threat to organizations, and are among the most expensive cybersecurity incidents to control.
In Q3, GRIT has identified 27 active ransomware organizations. This is a slight decline from Q2, when 30 organizations had launched attacks. In comparison to the 581 victims publicly publicized in Q2, there were 568 ransomware victims in Q3, a 2.2 percent decline. Public disclosures of victim’s sensitive information occurred at a rate of 6.24 per day in Q3. However, this number may not be accurate. Some of the ransomware organizations identified do not disclose all their victims to their data leak websites, and some disclosures were prevented when the victim had paid the ransom demands. Despite this, data released by the ransomware removal company Coveware shows a decline in the number of organizations paying ransom demands.
GRIT identified LockBit as by far the most active ransomware operation in Q3, followed by BlackBasta, Hive, AlphV, Bianlian, and Vice Society. The Health Sector Cybersecurity Coordination Sector recently issued a warning regarding LockBit since the organization is known to exploit the health sector (HC3). In comparison to the previous two months, the gang increased the number of incidents in September, and they were responsible for 42 percent of all victims who were publicized, going from 211 in Q2 to 235 in Q3. The third quarter saw a 32 percent rise in victims for Blackbasta, the second most active organization, and a 104% increase in attacks launched by Hive, the third most active group. Like Lockbit, HC3 recently issued a warning against Hive. Hive actively targets the healthcare sector; 12.8 percent of its victims were in the healthcare and public health (HPH) sector, which is double the proportion of victims in the HPH sector as LockBit. According to the report, the health sector came in third in terms of the number of victims in Q3, with LockBit, Hive, and BianLian reporting the biggest number. For casualties that were made public, manufacturing scored highest, closely followed by technology.
In total for this year, 44 ransomware organizations have been identified. As a result, 1846 victims have had their sensitive information disclosed publicly. The United States faces the greatest threat from ransomware, accounting for approximately 39 percent of total victims, followed by France and the United Kingdom. Finally the report notes that attacks are also being conducted more widely, with 16 countries having been the target of ransomware gangs for the first time this year in Q3.