CyberSecurity SEE

NCC Group reports unprecedented 153% surge in September ransomware attacks

Ransomware attacks are on the rise, according to a warning issued by NCC Group. The cybersecurity firm reported a record number of attacks in September, with the emergence of new groups contributing to the spike. NCC Group’s September Threat Pulse report revealed a 153% increase in ransomware attacks compared to the same period last year, with 514 recorded attacks last month alone.

The researchers attributed the increase to the emergence of two new groups, named LostTrust and RansomedVC, as well as consistent activity from established ransomware groups. These factors combined to create a busy month for ransomware attacks, making September the busiest month since July.

While September marked a record month for the number of attacks, some of the more well-known ransomware groups were inactive during this period. For example, the Clop ransomware group, known for its attacks on the MOVEit Transfer product, did not appear in NCC Group’s dataset for September. However, NCC Group warned that this does not mean the threat is over. They predict a “highly targeted mass-exploitation campaign soon” from the Clop group following their hiatus.

Despite being new to the scene, LostTrust and RansomedVC made it onto NCC Group’s list of the top 5 most active threat actors. LostTrust came in second place, while RansomedVC claimed the fourth spot after making headlines with an attack against Sony. NCC Group’s deputy global head of threat intelligence, Ian Usher, noted that RansomedVC is particularly interesting because the group was previously an initial access broker. This means they would broker access to compromised networks, rather than conducting ransomware attacks themselves. However, they have now transitioned to carrying out ransomware attacks directly, possibly due to a lack of fear of law enforcement intervention.

Two other emerging ransomware groups, Cactus and Trigona, also gained prominence in September. Cactus is known for exploiting vulnerabilities in VPN appliances to gain initial access, while Trigona targets the Zoho ManageEngine vulnerability. These groups, along with the 3AM and CiphBit ransomware groups, contributed to a 76% increase in the number of double-extortion ransomware groups detailed by NCC Group.

Overall, NCC Group analysts observed a consistent volume of attacks from all threat groups in September. The top ten groups were jointly responsible for 70% of the monthly output, representing a 93% increase compared to the previous month. Usher expressed surprise at the volume of ransomware attacks seen in September, describing it as “quite scary” and noting that it continues to rise.

While attacks occurred across various sectors, the healthcare industry saw a particularly significant increase. NCC Group recorded 18 attacks in this sector, an 86% increase compared to the previous month. Attacks on healthcare facilities, such as Carthage Area Hospital and Claxton-Hepburn Medical, have led to disruptions in services and patient care.

The escalating trend of ransomware attacks is a cause for concern for organizations and individuals alike. As these attacks become more frequent and sophisticated, it is crucial for individuals and organizations to remain vigilant in their cybersecurity practices to protect themselves against this growing threat.
