Ransomware Attacks are on the Rise
Nate Nelson · 2022-08-27 · via Threatpost

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

After a recent dip, ransomware attacks are back on the rise. According to data released by NCC Group, the resurgence is being led by old ransomware-as-a-service (RaaS) groups.

With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they are released,” researchers have determined that Lockbit was by far the most prolific ransomware gang in July, behind 62 attacks. That’s ten more than the month prior, and more than twice as many as the second and third most prolific groups combined. “Lockbit 3.0 maintain their foothold as the most threatening ransomware group,” the authors wrote, “and one with which all organizations should aim to be aware of.”

Those second and third most prolific groups are Hiveleaks – 27 attacks – and BlackBasta – 24 attacks. These figures represent rapid rises for each group – since June, a 440 percent rise for Hiveleaks, and a 50 percent rise for BlackBasta.

It may well be that the resurgence in ransomware attacks, and the rise of these two particular groups, are intimately connected.

Why Ransomware Has Bounced

Researchers from NCC Group counted 198 successful ransomware campaigns in July – up 47 percent from June. Sharp as that incline may be, it still falls some way short of the high-water mark set this spring, with nearly 300 such campaigns in both March and April.

Why the Flux?

Well, in May, the United States government ramped up its efforts against Russian cybercrime by offering up to $15 million for prized information about Conti, then the world’s foremost ransomware gang. “It is likely that the threat actors that were undergoing structural changes,” the authors of the report speculated, “and have begun settling into their new modes of operating, resulting in their total compromises increasing in conjunction.”

Hiveleaks and BlackBasta are the result of that restructuring. Both groups are “associated with Conti,” the authors noted, Hiveleaks as an affiliate and BlackBasta as a replacement strain. “As such, it appears that it has not taken long for Conti’s presence to filter back into the threat landscape, albeit under a new identity.”

Now that Conti’s properly split in two, the authors speculated, “it would not be surprising to see these figures further increase as we move into August.”