Ransomware returns with a vengeance, U.S. hardest hit region

/in


cyber criminal hacking system at monitors hacker hands at work internet crime concept hacker steals. Generative AI. Credit: 2ragon/Adobe Stock From July 2022-June 2023, there were approximately 1,900 reported ransomware events in the U.S., Germany, France and the U.K. and more than 2,400 among the 10 most targeted countries, Malwarebytes, Inc. reports. Credit: 2ragon/Adobe Stock

While 2022 saw a decline in the number of ransomware incidents, for a few reasons, these cyberattacks are coming back in style with the U.S. seeing a 75% increase in ransomware events between the first half and second half of the past 12 months, according to Malwarebytes, Inc.

From July 2022-June 2023, there were approximately 1,900 reported ransomware events in the U.S., Germany, France and the U.K., and more than 2,400 among the 10 most targeted countries.

The U.S. saw the bulk of these attacks, accounting for 43% of all global ransomware incents during the period, according to Malwarebytes. The U.S. had 1,462 reported ransomware events in the past 12 months, while the U.K., which was the second most targeted region, saw just 196.

Additionally, ransomware gangs are becoming more prolific in the volume of attacks in the U.S. From July-December 2022, only two groups managed to pull off 15 or more attacks in a single month. From January-June 2023, at least seven groups pulled off 15 or more attacks per month.

Further, five groups were able to record more than 100 attacks during the past 12 months. This includes more than 286 attacks by LockBit, which heavily targeted insurers during 2022′s first quarter and has more than 100 affiliates. LockBit is the most dominant form of ransomware-as-a-service in the U.S., averaging about 24 attacks each month.

While LockBit continued to be the most active ransomware group, the CL0P gang and its use of zero-day vulnerabilities is of particular note, according to Malwarebytes. Twice during the past 12 months CL0P’s rate of attack vastly exceeded that of LockBit. These incidents included the March 2023 GoAnywhere MFT event and the MOVEit breach in late May.

Further, CL0P’s embrace of zero-day vulnerabilities, which exploit a security flaw that has yet to be patched, could signal a shift in hackers’ tactics, Malwarebytes reported. CL0P’s recent exploits show that ransomware gangs can handle the cost…

Source…