No Respite for Organizations As Ransomware Attacks Jump 52.89% in February

essidsolutions

Ransomware attacks worldwide rose by an alarming 52.89% between January and February this year. IT security giant NCC Group predicts ransomware actors aren’t done yet. Despite the destruction of the Conti ransomware infrastructure, new ransomware groups are quickly filling the void.

Organizations across sectors and the cybersecurity community, in particular, haven’t enjoyed much breathing space since the arrival of the pandemic. The pandemic spurred a complete shift in how organizations operate and presented a once-in-a-lifetime opportunity for cyber threat actors to run riot. Which they successfully did.

In fact, ransomware attacks increased by a whopping 291% in 2020 vs. 2019 and then by 29% in 2021 vs. 2020. It may seem 2021 was relatively safer compared to 2020, but not if you factor in compounding, i.e., the 29% increase in attacks in 2021 was on top of 291% in 2020. The number of common vulnerabilities and exposures (CVEs) also grew from 223 in 2020 to 288 in 2021.

2022 could be even worse, according to Ivanti. Half of CIOs surveyed by the Info-Tech Research Group said a significant portion of time, money, and energy was spent specifically to tackle and prevent the ransomware menace in the past year.

“As a company that had invested in security over the last couple of years, we had this rude awakening that everything we’d done was not good enough,” an unnamed CIO of a mid-sized manufacturer told Brian Jackson, research director at Info-Tech Research Group. “I had to make a really difficult decision, spur of the moment, to shut down our business. We disconnected all our global sites, and we disconnected our access to every remote site.”

Since 2020, organizations and individuals alike have been dealing with an uptick in cyberattacks, some more unsuccessfully than others, with ransomware as the prime culprit. February was no different. According to the NCC Group, ransomware incidents surged from 121 in January 2022 to 185 in February 2022.

This translates to a 52.89% growth in ransomware attacks between January and February 2022, which corresponds to the 55.1% surge a year ago, i.e., January to February 2021. Usually, this particular period, along with December, is when threat actors slow down a bit. Still, the fact that this hasn’t been the case for two consecutive years indicates “a marked exit from the seasonal reduction in ransomware behavior,” NCC Group said in a blog post.

The U.K.-based company also dismissed any possibility of falloff. “The team assesses that the volume of ransomware incidents will continue to increase as the year unfolds and threat actors get back to ‘work’.”

Most Targeted Industries by Ransomware in February 2022

In February, 35.68% of ransomware attacks were directed at the industrial sector, followed by 21.62% of attacks targeting consumer cyclicals. Technology was the third most targeted sector at 8.11%.

Technology companies are at the forefront of enabling remote work, online consumption of content, whether news or entertainment, communication, ecommerce, etc. So it is natural the sector made it to the top three. The industrial sector, i.e., manufacturing, refining, processing, and related activities, is also responsible for economic progress, making it lucrative for threat actors.

Global shutdowns caused significant damage to consumer cyclicals (automobiles, hospitality, retail, apparel, and more). But macroeconomically speaking, this was short-lived and has since rebounded fabulously as the impact of the Delta variant of SARS-CoV-2 began to wane last year. This is probably why the sector surpassed technology as the second-most targeted one.

In 2021, the most targeted sectors were oil & gas (industrial), food, pharmacy, health care, and the IT supply chain (technology).

Most Active Ransomware Gangs in February 2022

The three most active ransomware groups are LockBit 2.0, Conti, and BlackCat, responsible for 42.2%, 17.8%, and 11.4% of attacks, respectively. All three have one thing in common: they operate under the ransomware-as-a-service model, where attacks can be carried out even by novice attackers or bad actors with limited proficiency. After successfully extracting ransom payments, cybercriminals pay a percentage of the amount to ransomware developers.

Conti is a standout ransomware gang/strain among the three because it became a subject of internal discord when it publicly sided with Russia. A Ukrainian member leaked internal chats going back to Conti’s founding in June 2020. However, it is unlikely that Conti’s operations suffered as a result, for two reasons:

  • Conti was the second most active ransomware gang in January 2022 and held its position in February, thus indicating an insignificant decline in attacks, if any.
  • The leak came in the final days of February.

Nevertheless, Matt Hull, cyber threat intelligence manager at NCC Group, said: “The disruption in Conti activities comes as a welcome change, but with clients continuing to come under new attacks, it is clear that this ransomware variant is still very much in use.”

Conti, widely believed to be a Russian state-sponsored ransomware gang, was also the most active in 2021 and, according to Ivanti, was responsible for 269 attacks.

LockBit 2.0’s notoriety in January also prompted the FBI to issue a flash alert at the start of February. LockBit has been active since September 2019 but revamped its site and infrastructure and rebranded as LockBit 2.0 in June 2021, thus earning a place in Palo Alto Networks Unit 42’s emerging ransomware list. The LockBit 2.0 gang now seems to have upped the ante. LockBit 2.0 was also previously known as the ABCD ransomware.

BlackCat is a new entrant to the top 3 list, replacing Snatch.
