LockBit remains most dangerous ransomware despite fall in attacks
Ransomware attacks by LockBit represent a shrinking proportion of global ransomware and digital extortion (R&DE) attacks in 2023, according to new research, but still represent the most significant threat to organizations in the UK.
Analysis shows that the group is still the primary R&DE threat to all industries globally regardless of location, according to ZeroFox.
But when compared to the total number of R&DE attacks recorded in 2023, LockBit’s share of global attacks is shown to be decreasing, which ZeroFox attributes to new threat collectives adopting alternative or homemade ransomware strains.
The research found LockBit attacks accounted for just under 30% of global RD&E attacks in the first quarter of 2023, and this fell to around 15% by Q3.
UK-specific data recorded by ZeroFox shows LockBit still poses a significant threat to organizations in the UK, but this is also expected to give way to alternative ransomware strains over the coming year.
Based on a quarterly average over the period from January 2022 to November 2023, LockBit accounted for approximately 20% of all attacks against UK-based organizations.
The most frequently targeted industries in the UK were manufacturing, retail, professional services, and legal & consulting.
The percentage of global LockBit-specific attacks that targeted UK businesses was below the proportion of all incidents targeting the UK, further highlighting the diverse array of cyber criminal groups targeting organizations across the country.
Despite this, the UK’s share of global LockBit attacks has been on the rise throughout 2023, from 3.5% in the first quarter to 7.9% in Q4 (using data as of November 30 2023).
Compared to the rest of Europe, the UK does appear to be receiving an inflated number of LockBit-based attacks, according to the report, suggesting the group is specifically targeting UK organizations.
“LockBit’s Europe-focused targeting has decreased, whereas its attacks against the UK have remained broadly consistent — meaning UK organizations represent an increasing proportion of LockBit’s Europe-focused targeting,” the report said.
“Diversification of the R&DE threat landscape is driving LockBit to account for an…