The ransomware threat scene continues to evolve with the newly established Lockbit 3.0 making its mark and Conti, recording just 1 attack in June, as reported by NCC Group’s Strategic Threat Intelligence team. Continuing the recent trends on number of attacks carried out, the amount overall fell from 236 in May to 135 in June, representing a 42% overall decrease.
Despite seasonal variations possibly being at play, the reduction in activity is most likely due in part to the recent disbanding of Conti, along with the retirement of Lockbit 2.0 and subsequent appearance of Lockbit 3.0.
Sectors
Sector trends continued the usual pattern with the most targeted sectors in June being Industrials, making up 37% of ransomware attacks, followed by Consumer Cyclicals (18%), and Technology (11%).
Regions
From a regional perspective, Europe remained the most targeted region for the second month in a row with 41% of attacks compared to North America’s 36%.
Threat actors
Lockbit 2.0 remained the top threat actor, however the number of attacks decreased from 95 to 55 attacks, likely due to the transition to its Lockbit 3.0 variant. Despite this, Lockbit 2.0 remained the clear leader, with 244% more attacks than the second top threat actor Black Basta (16 victims).
Meanwhile, Conti was responsible for 94% less ransomware attacks than it was in May, with just one recorded attack, as the ransomware group disbands and begins to integrate itself with other, smaller groups, as discussed in the May Threat Pulse .
Spotlight on Lockbit 2.0/3.0
Even as the number of ransomware attacks from Lockbit 2.0 has reduced, the group continues to be at the forefront of the threat landscape and the most prominent threat actor. Reduction in Lockbit 2.0’s activity is likely due to the group’s transition to a new alias Lockbit 3.0—or LockBit Black, as the group has dubbed it themselves—meaning its attention towards attacks has been divided.
When Lockbit 3.0 has been fully established, it is expected that the threat actor’s volume of attacks will increase. This is supported by the fact that its top targets remain industrials (45%), consumer cyclicals (16%), and technology (11%), despite it being in a transitionary phase. Matt Hull, global lead for strategic threat intelligence at NCC group, said: “This month’s Threat Pulse has revealed some huge changes in the ransomware threat scene.
As long reigning top threat actor Conti has all but disappeared and Lockbit 3.0 rises to prominence, it is clear we are in a transitionary phase. Organizations should not take the overall drop in ransomware attacks at face value and will need to remain ever vigilant. “We anticipate that the volume of attacks will increase over the coming months as threat actors such as Lockbit and Black Basta regain focus, a reminder that this is an ever-changing landscape that needs to be monitored continuously.
In particular, companies operating in the industrials space should be on high alert, as this sector continues to be the top target for ransomware attackers.”
About NCC Group
NCC Group exists to make the world safer and more secure. As global experts in cyber security and risk mitigation, NCC Group is trusted by over 14,000 customers to protect their most critical assets from the ever-changing threat landscape. With the company's knowledge, experience, and investment in research and innovation, it is best placed to help organizations assess, develop and manage their cyber resilience posture. With circa 2,000 colleagues in 12 countries, NCC Group has a significant market presence in North America, Europe and the UK, and a rapidly growing footprint in Asia Pacific with offices in Australia, Japan and Singapore.
