Ransomware attacks surged by 47% in July

According to a report by NCC Group’s Global Threat Intelligence division, ransomware attacks increased by 47% in July compared to June, adding more evidence for a trend of rising global cybercrime.

The report has its own particular metrics but it mirrors others that have come out recently which collectively paint a picture of increasing international cybercrime, with NCC claiming ransomware attacks were up by almost half, from 135 in June to 198 in July. It seems to measure large scale attacks levelled at businesses as opposed to tracking every induvial who has clicked on a dodgy link, which would obviously create a much higher number.

The report says this coincides with the rise of several new ‘threat actors’ such as Lockbit 3, Hiveleaks and BlackBasta, that are apparently operating in new ways to previous iterations. NCC also says that Lazarus Group has been active again having apparently not been for a while, and previously executed several multi-million-dollar cryptocurrency-focused attacks.

Lazarus is apparently backed by North Korea and completed a $100 million ‘crypto heist’ on Harmony’s Horizon Bridge in late June. The report speculates the increase in activity ‘may be to do with the North Korean economy shrinking once again, possibly forcing the country to lean more heavily on illegal methods of revenue.’

The worst hit sectors were industrial (representing 32% of attacks), consumer cyclicals (17%), and technology (14%), and in terms of regions, North America was the most targeted (42%), overtaking Europe (40%) for the first time in a couple of months.

“This month’s Threat Pulse has revealed some major changes within the ransomware threat scene compared to June, as ransomware attacks are once again on the up,” said Matt Hull, Global Head of Threat Intelligence at NCC Group. “Since Conti disbanded, we have seen two new threat actors associated with the group, Hiveleaks and BlackBasta, take top position behind LockBit 3.0. It is likely we will only see the number of ransomware attacks from these two groups continue to increase over the next couple of months.

“Following two major cryptocurrency heists, Lazarus Group seem to be improving their crypto-theft and ransomware operations, so it is more important than ever to monitor their activity closely. Cryptocurrency organisations in the US, Japan and South Korea should remain on high alert.”

There are a lot of reports from a lot of sources painting details of the same wider picture – cybercrime in various forms is going up. Government agencies in the UK and US have been warning about rising attacks from China and Russia as relations worsen with those countries, which includes state sponsored as well as less organised activity. Meanwhile while a recent report from Verizon claimed that with home working, and the increase in hours, locations and devices being used that that comes with it, has led to an increase in vulnerability for companies, and that there has been 22% rise in major cyberattacks in the last year involving a mobile/IoT device.


Get the latest news straight to your inbox. Register for the newsletter here.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.