Skip to main content
close search
site logo
Dive Brief

Ransomware activity persists, but lags 2021 highs

Ransomware attacks are trending upward of late but not at 2021 levels.

Published Oct. 25, 2022
Matt Kapko's headshot
Senior Reporter
Ransomware spelled out in a creative depiction.
Ransomware illustrated in a string of code on a screen. Just_Super via Getty Images

Dive Brief:

  • Ransomware attack activity jumped 26% from August to September, hitting 202 victims and reaching a number of cases not observed since May, according to NCC Group’s Monthly Threat Pulse report. Last year still holds the lead for monthly highs.
  • The jump in ransomware was partly accelerated by a summer spree of attacks initiated by the LockBit ransomware group, which was responsible for more than half of all attacks tracked by NCC Group’s threat intelligence team in September. The prolific threat actor first appeared in September 2019 and is now on version 3.0 of its ransomware strain and payloads.
  • While month-to-month ransomware activity ebbs and flows, the sectors most heavily targeted and hit by attacks have held steady, according to NCC Group. The industrials sector — including construction, manufacturing, distribution and engineering products, among others — was the most-targeted industry in September with 57 incidents and accounting for more than one-quarter of attacks. Attacks on industrials doubled the next most-hit target, consumer cyclicals.

Dive Insight:

Ransomware activity remains tumultuous with the number of monthly incidents tracked by NCC Group dipping as low as 121 in January 2022 and up to 288 three months later.

So far this year, the monthly high for ransomware attacks is below last year’s highs. Threat researchers tracked 314 attacks in October 2021, and the monthly high for 2022 thus far stands at 288.

The number of ransomware attacks remained tumultuous in 2022 

Number of ransomware attacks, by month

While ransomware activity goes up and down month to month, LockBit’s heightened level of activity has been relatively consistent.

NCC Group pinned 105 ransomware attacks to LockBit during September 2022, making it the largest monthly increase in total victims for the group since January. LockBit was responsible for almost 90 attacks in September 2021.

The ransomware group has claimed responsibility for more than 12,000 attacks on its leak site, including the June 18 attack on cybersecurity vendor Entrust. Broadcom’s threat hunting team at Symantec observed LockBit affiliates infiltrating on-premises servers during the summer to spread malware on targeted networks.

The opportunistic and sometimes short-lived nature of specific ransomware threats was further evidenced by the mid-September emergence of Sparta, a new threat actor that successfully compromised 12 victims in one day, according to NCC Group.

“Against a backdrop of continuous change for threat actor groups, ransomware attacks are once again on the rise,” Matt Hull, global head of threat intelligence at NCC Group, said in a statement.

Filed Under: Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Cyberattacks
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell