There was a small decrease in ransomware attacks in Q3, but it is too soon to say whether that decreasing trend will go on. Despite the decrease in attacks, ransomware continues to be the main cyber threat confronted by companies, and the attacks are one of the most expensive cybersecurity occurrences to mitigate. Healthcare industry attacks will still be in large numbers, with a number of groups attacking the industry, and the attacks can potentially lead to loss of life.
Guidepoint Security’s Research and Intelligence Team (GRIT) is monitoring the ransomware group activities and discovered 27 active ransomware gangs in Q3, a small reduction from Q2’s 30 active ransomware gangs. In Q3, ransomware groups publicly posted 568 victims on their data leak sites, which is 2.2% lower than the 581 victims posted in Q2. Of course, certain ransomware groups do not post the names of all their victims, and some don’t disclose any data concerning an attack when the ransom is paid immediately. According to a ransomware remediation company, Coveware, the number of posted victims indicates a declining number of companies paying the ransom.
GRIT’s report indicates that the United States has the most number of ransomware threats. As the most attacked country, the U.S. gets 38.9% of total ransomware victims; next is France with 6.2%, then the United Kingdom with 5.6%. Attacks in Spain grew considerably in Q3, and Spain rose to the top 4 with 4.9% of total victims. Attacks are likewise being performed more extensively. There were 16 countries attacked for the first time this Q3 of 2022, and 6 of them had been attacked for the first time.
The most successful ransomware groups in Q3 include BlackBasta, LockBit, Hive, AlphV, Vice Society, and Bianlian. LockBit had the most successful operation. LockBit is identified to have attacked the healthcare industry, and the Health Sector Cybersecurity Coordination Sector (HC3) issued an alert concerning the group lately. The group had more attacks in September than in the last two months, with 42% of all reported victims, growing from Q2’s 211 victims to Q3’s 235 victims.
The second most successful ransomware group is Blackbasta with 32% more victims in Q3. The third is Hive with 104% more attacks in Q3. HC3 also issued a warning about Hive lately. Hive actively attacks the healthcare sector, with 12.8% of victims belonging to the healthcare and public health (HPH) sector. Although the healthcare sector is actively attacked by a number of ransomware gangs such as LockBit and Hive, some opt not to attack the industry. Nevertheless, the sector ranked number three with regard to victim count in Q3. Hive, LockBit, and BianLian reported the greatest number of ransomware victims. Manufacturing was the first with the most publicly posted ransomware victims, and technology ranked second.
To date, there were 44 ransomware groups identified doing attacks with 1,846 publicly posted ransomware victims. In Q3, there emerged 8 new ransomware groups, which include Sparta, the rank 10 with regards to the number of ransomware victims. To date, the group has only attacked companies in Spain. Two formerly very active groups, Quantum, and Vice Society, had 48% and 57% fewer attacks in Q3.