Tomcat
Professional
- Messages
- 2,689
- Reaction score
- 929
- Points
- 113
LockBit is once again leading the industry, despite the best efforts of law enforcement agencies.
According to a recent report from Cyfirma, ransomware activity increased significantly in May 2024, with notable changes in the activities of leading groups. The largest increase in activity was demonstrated by the LockBit group, becoming the leading threat with 174 victims.
The manufacturing sector was hit hardest, with 85 incidents. While the US was the most targeted geography, with 249 reported attacks. Arcusmedia, SpiderX, and FakePenny groups are among the new cyber threats.
The activity of the leading ransomware groups in May 2024 has changed compared to April. So, LockBit's activity grew by 625%, and INC Ransom by 100%. The Play group increased the number of attacks by 10.34%, and RansomHub by 4.17%. Medusa, which was absent in April, returned with 23 incidents.
LockBit, which appeared in 2019, continues to evolve, despite regular law enforcement measures. The group quickly recovered from the elimination of its infrastructure in February, becoming the most active again in May.
Ransomware activity in various industries also increased in May of this year. In manufacturing, sales increased by 28.79%, in real estate and construction-by 66.67%, and in banking and finance-by 105%.
Government agencies and legal services increased the number of incidents by 48%, and healthcare-by 71.43%. In e-commerce and telecommunications, growth was 230%, in IT-55.56%, and in transport - 21.05%.
Education showed an increase of 250%, and the hotel business - by 17.65%. Media grew by 116.67%, while energy declined by 33.33%, and FMCG - by 4.26%.
The United States (249), Great Britain (34), Canada (23), Spain (19) and France (18) were the main targets of attacks in May 2024.
LockBit Black is mainly distributed through the Phorpiex botnet, sending phishing emails with infected attachments. Blackbasta uses social engineering, using phishing calls and malicious links to gain access to systems.
The SpiderX group offers its services on underground forums, demonstrating advanced features and high efficiency. FakePenny, which uses a bootloader and cryptographer, is demanding ransoms as high as $6.6 million in bitcoin. Arcusmedia, which was first identified in May, has already committed at least 17 incidents, mainly targeting South America.
Key events in May include the attack on the Singing River healthcare system, which affected 895,204 people, and the sale of the source code of INC Ransom on hacker forums for $300,000. Attacks on Windows administrators via fake software download sites were also recorded.
According to reports, about 31% of enterprises are forced to suspend their activities after ransomware attacks, and 40% are forced to reduce their staff. In 35% of cases, there are personnel changes at the level of top managers. The average financial loss of companies is about $200,000, and 75% of small and medium-sized enterprises face the threat of closure.
The growing activity of ransomware underscores the need to strengthen cybersecurity measures. Investing in advanced security technologies, training employees, developing incident response plans, cyber risk insurance, and regular security audits will help reduce risks and minimize damage.
According to a recent report from Cyfirma, ransomware activity increased significantly in May 2024, with notable changes in the activities of leading groups. The largest increase in activity was demonstrated by the LockBit group, becoming the leading threat with 174 victims.
The manufacturing sector was hit hardest, with 85 incidents. While the US was the most targeted geography, with 249 reported attacks. Arcusmedia, SpiderX, and FakePenny groups are among the new cyber threats.
The activity of the leading ransomware groups in May 2024 has changed compared to April. So, LockBit's activity grew by 625%, and INC Ransom by 100%. The Play group increased the number of attacks by 10.34%, and RansomHub by 4.17%. Medusa, which was absent in April, returned with 23 incidents.
LockBit, which appeared in 2019, continues to evolve, despite regular law enforcement measures. The group quickly recovered from the elimination of its infrastructure in February, becoming the most active again in May.
Ransomware activity in various industries also increased in May of this year. In manufacturing, sales increased by 28.79%, in real estate and construction-by 66.67%, and in banking and finance-by 105%.
Government agencies and legal services increased the number of incidents by 48%, and healthcare-by 71.43%. In e-commerce and telecommunications, growth was 230%, in IT-55.56%, and in transport - 21.05%.
Education showed an increase of 250%, and the hotel business - by 17.65%. Media grew by 116.67%, while energy declined by 33.33%, and FMCG - by 4.26%.
The United States (249), Great Britain (34), Canada (23), Spain (19) and France (18) were the main targets of attacks in May 2024.
LockBit Black is mainly distributed through the Phorpiex botnet, sending phishing emails with infected attachments. Blackbasta uses social engineering, using phishing calls and malicious links to gain access to systems.
The SpiderX group offers its services on underground forums, demonstrating advanced features and high efficiency. FakePenny, which uses a bootloader and cryptographer, is demanding ransoms as high as $6.6 million in bitcoin. Arcusmedia, which was first identified in May, has already committed at least 17 incidents, mainly targeting South America.
Key events in May include the attack on the Singing River healthcare system, which affected 895,204 people, and the sale of the source code of INC Ransom on hacker forums for $300,000. Attacks on Windows administrators via fake software download sites were also recorded.
According to reports, about 31% of enterprises are forced to suspend their activities after ransomware attacks, and 40% are forced to reduce their staff. In 35% of cases, there are personnel changes at the level of top managers. The average financial loss of companies is about $200,000, and 75% of small and medium-sized enterprises face the threat of closure.
The growing activity of ransomware underscores the need to strengthen cybersecurity measures. Investing in advanced security technologies, training employees, developing incident response plans, cyber risk insurance, and regular security audits will help reduce risks and minimize damage.
