A new report from GuidePoint Security shows a startling 100 percent increase in publicly posted ransomware victims from Q2 2022 to the last quarter.
The study from the GuidePoint Research and Intelligence Team (GRIT) also shows a 38 percent increase in public victims compared to Q1 of this year.
Manufacturing and technology, representing 14 percent and 11 percent of impacted industries respectively, continue to be the most affected industries, a trend that has persisted from GRIT’s observations in 2022 and Q1 of 2023. The consulting (+236 percent) and insurance (+160 percent) industries experienced the greatest relative growth in observed ransomware attacks. This contrasts with a relative decline experienced by governments (-61 percent) and the automotive industry (-59 percent).
“Q2 2023 continued to highlight the growing ransomware threat facing organizations across the globe, from both established ransomware gangs and emerging or ephemeral opportunistic groups,” says Drew Schmitt, GRIT lead analyst. “Reduced barriers to entry afforded by the Crimeware-as-a-Service and Ransomware-as-a-Service economies will almost certainly encourage more entrants going forward, and though the re-use of historical malware and ransomware provides an advantage for well-prepared and resourced defenders, smaller or less-resourced organizations will face an increased risk from the greater volume of threats.”
GRIT again observed an increase in the activity of Ransomware-as-a-Service (RaaS) groups throughout the quarter, attributed to 14 new groups that began operations in Q2 2023. This represents a 260 percent increase in ‘First Seen’ groups compared to Q1. LockBit’s commanding lead in the RaaS economy can be seen across all five of the most impacted industries except healthcare.
The prevalence of leaked ransomware builders has continued to lower the barriers to entry for emerging ransomware groups. Most notably, encryptors for Babuk, LockBit, and Conti have all been leaked online, allowing threat actors with lower technical expertise or familiarity with encryption to slightly alter and deploy fully functional ransomware.
“From the rapid diversification of the ransomware threat roster, to recycled ransomware and crimeware, to data-focused extortion shifts, GRIT continues to monitor and report on the shifting TTPs in the ransomware ecosystem,” adds Schmitt. “Community and law enforcement information sharing remain key to identifying and stymying the effectiveness of ransomware groups, and GRIT remains dedicated to the mission of increasing threat intelligence sharing through public and private partnerships.”
The full report is available from the GuidePoint site.
Image credit: AndreyPopov/depositphotos.com