According to Guidepoint Security, the number of ransomware victims who appeared on data breach sites surged to 354 in April, up 27% year-on-year, with the manufacturing industry being the hardest hit.
The security vendor's latest monthly GRIT Ransomware Report was made public on Thursday, ahead of today's Interpol awareness-raising initiative, “Anti-Ransomware Day.”
Guidepoint’s report was compiled from an analysis of 24 ransomware exfiltration sites. Because many victims choose to pay and are therefore never listed on such sites, the actual number of victims can be many times higher.
However, one-fifth (19%) of the victims on the analyzed sites were manufacturing companies. Manufacturers are often targeted by extortionists because of their low tolerance for production stoppages.
The number of victims decreased by 22% from March to April this year, but increased by 46% in the manufacturing sector.
LockBit was again the most prolific group, accounting for 31% of leak site victims in April, followed by Alphv (14%). But overall, the ransomware industry is increasingly characterized by a large number of small groups.
“In April 2023, we observed a range of active threat groups, including 27 unique groups. This level of diversity is the highest GRIT has observed since November 2021. It reflects the ongoing threat and survivability of smaller ransomware groups, including the newly formed ‘Splinter’ or ‘Ephemeral’ group of experienced ransomware operators,” Guidepoint Security explained.
A Splinter group is an inexperienced group that has been active for only 2-5 months and has often splintered from a larger organization. Such groups are identified by varying public posting rates and by TTPs that are often borrowed from other groups.
Ephemeral groups have been active for less than two months, have variable but low victimization rates, and “do not develop into more developed, mature group types.”
Guidepoint also noted that ransomware groups are using increasingly aggressive tactics aimed at coercing victims to pay. These include DDoS threats, exposure of sensitive internal chats, and the hijacking of university alarm systems to instruct staff and students to demand payment from administrators.