Global ransomware activity witnessed a significant surge in May, with a 24% increase compared to April, according to research conducted by NCC Group. This surge represents the second-highest number of recorded ransomware attacks so far this year. The research, conducted by NCC Group’s global threat intelligence team, is based on data collected from public data leak sites and victim disclosures.
The report revealed that there were 436 ransomware attack victims in May, compared to 352 in April. This increase can be attributed to the emergence of a new ransomware gang known as 8base. The group claimed the second-most active position, trailing only LockBit 3.0, by targeting a total of 67 victims. While 8base is not new to the threat landscape, its exploits between April 2022 and May 2023 were only made public last month through its ransomware group leak site.
According to the report, excluding the 8base attacks, the number of ransomware attacks in May 2023 is 56% higher than in May 2022 and 5% higher than in April 2023. The analysis conducted by NCC Group also revealed that each month of 2023 so far has seen a higher number of victims compared to the same month in 2022.
Aside from the increase in ransomware attacks, the report shed light on the modus operandi of the 8base threat group. Just like LockBit, 8base targeted the industrial sector and employed a double extortion technique, which involves stealing and encrypting victims’ data. Among 8base’s victims, 34% were located in the U.S. and 18% in Brazil, with 52% of them belonging to the industrial sector.
The report highlighted the uniqueness of the 8base group, specifically mentioning that the group has specific ‘terms of service’ that prohibit the involvement of third parties. NCC Group suggested that 8base might be avoiding third-party negotiators to ensure that the potential extortion amount is not reduced.
Another ransomware group that exhibited unusually high activity in May was Akira, which claimed the fifth spot in the ranking. Attacks by Akira increased by 250% in May compared to April, and the group targeted professional and commercial services, as well as the education sector.
LockBit 3.0, responsible for multiple attacks this year, including against Managed Care of North America and the Washington County Sheriff’s Office, maintained its position as the most active threat group in May. The group targeted 78 victims, with educational institutions being the second most targeted industry.
The report also emphasized the increase in attacks against the technology sector, with a 78% increase in attack volume between April and May. This poses significant risks, as cybercriminals can access intellectual property and exploit supply chains to target multiple organizations within the sector.
The research conducted by NCC Group serves as a reminder of the ongoing threat posed by ransomware attacks. The report underlines the need for businesses to prioritize strong security protections in order to mitigate the risk of data exfiltration and extortion. With ransomware attacks on the rise, organizations must remain vigilant and take proactive measures to safeguard their systems and data.
In summary, ransomware activity reached a new peak in May, with a 24% increase compared to April. The emergence of the 8base threat group added to the growing number of victims. The report also highlighted the unique characteristics of the 8base group, including its prohibition of third-party negotiators. Additionally, the Akira and LockBit 3.0 groups exhibited significant activity in May. The report emphasized the danger posed to the technology sector and the importance of strong security measures. As ransomware attacks continue to pose a persistent threat, organizations must remain proactive in protecting their systems.