Ransomware attacks dropped 37% in December, claims NCC


Ransomware attacks decreased in volume by 37% in December 2021, with the total number of identified victims falling from 318 to 200, according to the latest monthly data gleaned from NCC Group’s Strategic Threat Intelligence Team.

However, this shouldn’t be taken as a sign that the specter of ransomware attacks is passing, with the fall likely a seasonal one and attributable to numerous ransomware gangs taking a break after a busy few months and winding down before the holidays.

“It is undoubtedly a positive to see a decrease in threat actor activity – however, organisations should not take this as a sign that they should be complacent,” stated NCC cyber risk intelligence supervisor Matt Hull.

“Cyber criminals, like many of us, tend to reduce activity in seasonal times of year, and trends suggest that attack levels are likely to rise again in the coming months.”

Among those taking a breather was Pysa, which, after a highly active November that saw it hit 60 targets, claimed only one victim in December. Pysa usually targets large or high-value finance, government and healthcare organisations – among its previous UK victims is Hackney Council in London.

NCC said it was likely Pysa was focusing on negotiations and collections in December, and expects the January figures may show a resurgence. Such patterns have been seen before with the likes of Conti, which along with LockBit was one of the more active crews last month, hitting 32 and 47 targets respectively.

Significantly, December saw the emergence of an apparently new and highly advanced ransomware operation called ALPHV or BlackCat, notable for being the first ever ransomware coded in the Rust language, which allows attacks to be better customised. Additionally, ALPHV/BlackCat uses an access key as a token in a ‘GET parameter’ during its attacks – this means only affiliated parties can access the negotiation chat logs as the key can’t be distributed, which could be an obfuscation measure, or a way to deter victims from contacting law enforcement or media.

It also uses an affiliate scheme with a percentage fee as a cut, depending on how much ransom is demanded, and runs triple extortion attacks, where besides data encryption and leakage, DDoS attacks are also deployed against victims.

“The emergence of ALPHV demonstrates that the vacuum created by the close of ransomware groups such as REvil and BlackMatter will be filled until further developments indicate otherwise,” stated Hull.

“Organisations need to take action now to ensure they have robust incident response plans in to become resilient to future attacks – especially those in targeted sectors such as industrials and consumer cyclicals.”

More stats from NCC’s latest report reveal North America and Europe remain the most heavily targeted regions for ransomware attacks, with 81 and 70 victims respectively. Within Europe, organisations in the UK, France and Italy were the most victimised.

Industrial organisations continued to be the most affected sector, accounting for 40% of victims, followed by consumer cyclicals (a catch-all term that includes sectors such as automotive, property, leisure, and retail) which accounted for 27% of observed attacks in December.


