A 52.89% increase in ransomware attacks compared to January
According to NCC Group's monthly threat pulse, ransomware attacks increased by 52.89% compared to January.
NCC Group's Strategic Threat Intelligence team says this increase represents a marked exit from the seasonal reduction in ransomware behaviour observed by the team across December and January.
The pattern echoes NCC Group's 2021 findings, where a 55.1% increase was observed between January and February. The team says the volume of ransomware incidents will continue to increase as the year unfolds, and threat actors get back to work. The top players remained consistent in February in terms of key threat actors. Lockbit 2.0 remains the most persistent contributor, with 42.2% of all attacks.
The sector most targeted by Lockbit 2.0 was industrials, accounting for 30.77% of their total attacks in February. The group says this remains consistent with attacks in January, when businesses in the industrials sector accounted for 31.7% of their victims.
Conti remains the second-largest player, with 17.8% of attacks. However, the third-largest contributor in February was BlackCat instead of Snatch in January. BlackCat accounted for 11.4% of all attacks, a significant rise on the 5% in January, showing a steady increase in their activity.
Industrials was the most targeted sector, consistent with the team's findings in January, making up 35.68% of attacks. In contrast, consumer cyclicals was the second most targeted sector with 21.62% of attacks. Analysis suggests that the increase in the number of attacks in these sectors compared with January was responsible for the overall growth observed by the team this month.
An equal number of attacks were observed in North America and Europe last month. This was an abnormal finding, as up until then, North America had adopted a clear leading position. This month, the team again observed an equal number of ransomware incidents in the two continents, with both suffering 78 incidents.
"With ransomware attacks increasing, as would be expected after the seasonal reduction in January, it's vital that organisations continue to ensure they apply appropriate security measures," says NCC Group cyber threat intelligence manager, Matt Hull.
"This is especially important for the Industrials sector, which continues to be the most frequent victim of ransomware. It's interesting to see a regional trend emerging in Europe and North America, with both regions seeing the same number of victims of double extortion ransomware attacks.
He says by continuing to closely monitor if this pattern persists, they will be able to determine what this means for the broader European threat landscape.
"The disruption in Conti activities comes as a welcome change, but with clients continuing to come under new attacks, it is clear that this ransomware variant is still very much in use," says Hull.
"Our Strategic Threat Intelligence team continues to keep an eye on the use of Conti, and as always will provide updates to our customers to help them manage the risk to their organisations."