One in six attacks on U.S. government offices linked to LockBit

Sept. 21, 2023
The report revealed that many ransomware threat actors are no longer going after "big game" targets, instead focusing on smaller organizations they presume to be less well-defended.

DALLAS, Sept. 21, 2023 -- Trend Micro Incorporated, a global cybersecurity leader, today published data revealing that one in every six ransomware attacks targeting U.S. government offices was traced back to the LockBit ransomware group. The report also noted that the number of new victims increased by 47% from the second half of 2022.

To read a copy of the report, LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023, please visit: https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/lockbit-blackcat-and-clop-prevail-as-top-raas-groups-for-1h-2023.

Jon Clay, VP of threat intelligence at Trend: "We've observed a significant increase in the number of ransomware victims since the second half of 2022. Threat actors continue to innovate, target more victims, and cause significant financial and reputational damage. Organizations of all sizes must prioritize and enhance their cybersecurity posture. Our report should help network defenders, policymakers, and other stakeholders make better-informed decisions in the ongoing fight against ransomware."

The report* revealed that many ransomware threat actors are no longer going after "big game" targets, instead focusing on smaller organizations they presume to be less well-defended.

Organizations of up to 200 employees accounted for a majority (57%) of LockBit victims and a plurality (45%) of Black Cat victims in the first half of this year. For Clop, large enterprises accounted for half (50%), with small businesses comprising 27%.

U.S.-based organizations remain a prime target for ransomware operators, with the highest number of ransomware victims in the first half of 2023 (949) – accounting for nearly half of all ransomware attacks. This figure represents a 69.94% increase compared to the second half of 2022. The U.K. (132) and Canada (88) were the next most affected countries.

The incidence of ransomware attacks targeting U.S. government offices in 2022 has revealed that the LockBit ransomware group was responsible for one in every six of these attacks. This highlights the persistent threat posed to government agencies in the U.S.

Other findings from the report include:

  • 47% increase in new Ransomware as a Service (RaaS) victims, from 1,364 in 2H 2022 to 2,001 in 1H 2023
  • 11.3% increase in the number of new RaaS groups over the period to 69 in 1H 2023
  • LockBit, the top ransomware family since 2022, accounted for 26.09% of total victim organizations, with BlackCat and Clop responsible for 10.59% and 10.09% of attacks, respectively.
  • The banking, retail, and transportation sectors were the most targeted in 1H 2023.
  • I.T., healthcare, and manufacturing emerged as the most targeted sectors in terms of ransomware file detection.

*The report is compiled with data collected from ransomware-as-a-service (RaaS) and extortion groups' leak sites, Trend Micro's open-source intelligence (OSINT) research, and the Trend Micro Smart Protection Network.

Courtesy of BigStock -- Copyright: Kasia Bialasiewicz
Events

SANS Orlando 2024

March 24, 2024 - March 29, 2024