Ransomware surged 110pc last month, report claims

5 Apr 2024

Image: © James Thew/Stock.adobe.com

A BlackFog Enterprise report suggests the bulk of ransomware attacks go unreported and that LockBit ransomware continues to be the dominant variant.

Ransomware continues to be a burden for organisations worldwide and a new report claims this type of cyberattack is rising rapidly.

A report by cybersecurity company BlackFog Enterprise claims that globally there were 59 reported ransomware attacks last month, with healthcare and government sectors bearing the brunt of these attacks. This report also claims that this marks a 110pc increase compared to March 2023.

BlackFog said there were 356 unreported ransomware attacks last month, which suggests that there are roughly six times as many unreported attacks as there are reported incidents. The organisation claims the report contains anonymised information about data movement across hundreds of organisations.

Meanwhile, it appears ransomware attackers are focused on data exfiltration, as this tactic was involved in 92pc of all attacks according to the report.

“As the primary goal of all attacks, data exfiltration ensures that attackers can threaten and sell victims’ data for years to come, regardless of whether payments are made or not,” said BlackFog founder and CEO Darren Williams.

This coincides with earlier reports about the impact ransomware had in 2023. These reports suggested that ransomware attackers were focusing more on data exfiltration than traditional “money grab” attacks, while the number of companies paying ransom demands may have gone down last year.

Lockbit remains on top

The Blackfog report also suggests ransomware attacks targeting government and healthcare organisations rose by 100pc and 76pc respectively. This was followed by education and manufacturing.

Sectors such as healthcare and manufacturing are known for being targeted by cyberattackers, due to the sensitive data they can contain.

Meanwhile, the report suggests that LockBit was still the dominant ransomware variant representing 25.8pc of all attacks, followed by BlackCat with 14.2pc. The report claims this was similar to results from the previous month.

The LockBit ransomware gang suffered a severe disruption in February, after a major international law enforcement operation seized its data leak website and gained vast amounts of data on the gang, its victims and its affiliates.

But some experts believed LockBit would not stay down for long and that it had the capability to recover and continue its ransomware-as-a-service operations. It is unclear if the ransomware attacks using LockBit ransomware stem from the organisation itself or if it involves other hackers utilising its malicious malware.

“We do however see some large changes in unreported variants this month, which is typically a leading indicator for reported attacks in later months,” Williams said. “This month we saw Black Basta and Hunters grow by 80pc and 49pc respectively, while 8Base grew by 39pc.”

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com