Small and medium-sized enterprises (SMEs) are increasingly the focus of cyber extortionists. The APT groups LockBit, BlackCat and Clop (or Cl0p) are particularly active in terms of the number of attacks. Compared with the EU, Germany is hit particularly hard.
Trend Micro has released a new analysis showing that a majority of recent ransomware attacks can be traced back to three major threat actors: LockBit, BlackCat and Clop. The report also indicates that the number of new victims has increased by 47 percent since the second half of 2022.
APT groups LockBit, BlackCat and Clop
The research shows that many ransomware-as-a-service threat actors are no longer targeting “big targets” and are instead focusing on smaller organizations that they believe are less well protected. In the first half of the period examined, most LockBit victims (57 percent) and a significant proportion of BlackCat victims (45 percent) worldwide are companies with fewer than 200 employees. In the case of Clop, half of the attacks (50 percent) occur against large companies, while 27 percent affect small companies.
Based on telemetry data from the Japanese cybersecurity specialist, 6,697,853 ransomware threats were detected and blocked at the email, URL and file level in the first six months of 2023. This number represents a slight decrease of 3.64 percent compared to the second half of 2022, in which a total of 6,950,935 ransomware threats were detected.
Europe's companies in sight
North America is LockBit's preferred region, accounting for approximately 41 percent of the group's total victims. Europe accounts for a good quarter of LockBit victims. Also, approximately 57 percent of BlackCat victims are in North America, followed by Europe and Asia Pacific. The Clop actors show similar geographical preferences.
In 2022, BlackCat caused quite a stir in Europe after the group attacked several significant targets, including German oil suppliers and the Carinthian state government.
Global findings of the report
- The number of Ransomware-as-a-Service (RaaS) victims increased by 47 percent from the second half of 2022 to the first half of 2023 (from 1,364 to 2,001 companies).
- The number of new RaaS groups increased by 11.3 percent during this period to a total of 69 in the first half of 2023.
- LockBit, the leading ransomware family since 2022, is responsible for just over a quarter of attacks, while BlackCat and Clop each account for around 10 percent.
- Finance, retail and logistics were the industries most affected by ransomware in the first half of 2023.
“We have observed a significant increase in the number of ransomware victims since the second half of 2022,” said Richard Werner, Business Consultant at Trend Micro. “Threat actors continue to innovate, target more victims and cause significant financial and reputational damage. Companies of all sizes need to prioritize and optimize their cybersecurity efforts. Our report is designed to help security professionals, policymakers and other stakeholders make better-informed decisions in the fight against ransomware.”
Background to the investigation
The analysis incorporated data from sources such as the leak websites of ransomware-as-a-service (RaaS) and extortion groups, Trend Micro's open source intelligence (OSINT) research, and the Trend Micro Smart Protection Network.