Malwarebytes' threat intelligence team analyzed the activities of ransomware groups in Germany from April 2022 to March 2023 and published them in their country-specific ransomware report. The result: Germany is a major global target for ransomware attacks. Black Basta in particular likes to attack.
In the Malwarebytes ranking, Germany occupies fourth place with 114 known attacks - after the USA with 1.167 attacks, Great Britain with 163 attacks and Canada with 132 attacks. Within the EU, Germany is the country that has been attacked the most. In addition, Germany is the most frequently attacked country where English is not the official language.
Ransomware: Attacks by GDP and Population
🔎 Known ransomware attacks in the top ten most affected countries from April 2022 to March 2023. (Image: Malwarebytes)
Because of the size and nature of the US economy, the US has more lucrative targets for ransomware groups than other countries. However, the conclusion that ransomware is primarily a United States problem is incorrect. Looking at the number of ransomware attacks in relation to a country's nominal gross domestic product (GDP), Canada ranks first among the most popular targets of ransomware groups with 66 attacks, followed by Spain with 55 attacks and the UK with 52 attacks. The United States, on the other hand, ranks fourth in this list with 50 attacks. Germany is in ninth place with 27 attacks per trillion US dollars of economic output.
Since the size of the countries varies greatly, it is worth taking a look at the population in addition to the GDP. Based on the attack volume per capita, Germany has almost identical attack numbers with Spain, France and Italy - and thus with three other, technologically comparable European countries. Nevertheless, it is striking that on the basis of every calculation, English-speaking countries occupy at least three of the first five places.
Germany: Not a good starting position
"The situation in Germany is anything but good, even if the initial situation is not quite as critical as in other, more severely affected countries," summarizes Marcelo Rivero, ransomware specialist at Malwarebytes. "Regardless of the yardstick we use, Germany remains one of the most attacked countries in the world and a top target for ransomware groups."
Do you have a moment?
Take a few minutes for our 2023 user survey and help make B2B-CYBER-SECURITY.de better!You only have to answer 10 questions and you have an immediate chance to win prizes from Kaspersky, ESET and Bitdefender.
Here you go directly to the survey
The construction industry is more frequently affected in Germany
🔎 Known ransomware attacks per industry in Germany from April 2022 to March 2023. (Image: Malwarebytes)
Looking at the various industries, in Germany, as in most countries, the service sector is hardest hit: 28 percent of the known attacks in the past twelve months have been recorded here. Germany is just above the global average of 25 percent.
Other industries are attacked in Germany about as often as in Great Britain and France, for example - with a few notable exceptions. Malwarebytes is not aware of any attacks on the German healthcare system in the past twelve months, and the number of attacks on legal services is also lower than in Great Britain and France.
Instead, the German construction industry seems to be a more popular target than in neighboring countries: At twelve percent, the number of attacks here is almost twice the global average and significantly higher than in the USA and Great Britain (both seven percent) and France (five percent). Percent).
LockBit and Black Basta are the most active
🔎 LockBit and Black Basta ransomware attacks per month in Germany from April 2022 to March 2023. Image: Malwarebytes)
LockBit and Black Basta were the most active ransomware groups in Germany over the past 54 months. Together, the two groups account for XNUMX percent of known attacks in Germany.
In view of the fact that LockBit is by far the most widespread ransomware worldwide, the spread in Germany is not surprising. According to Malwarebytes, the group was responsible for almost a third of all known RaaS attacks worldwide in the last year alone. It was not until March 2023, however, that LockBit was replaced at the top of the global rankings by ransomware Cl0p, in a surprising development.
Germany popular with Black Basta
Black Basta seems to be targeting German targets in particular. From April 2022 to March 2023, the group was responsible for the second largest number of attacks in Germany with 27 known attacks. For comparison, in the same period, the group was responsible for ten attacks in Britain and only three attacks in France.
Black Basta and LockBit were also the only ransomware groups in Germany last year to carry out more than four attacks in one month.
More at Malwarebytes.com
Via Malwarebytes Malwarebytes protects home users and businesses from dangerous threats, ransomware and exploits that are undetected by antivirus programs. Malwarebytes completely replaces other antivirus solutions in order to avert modern cybersecurity threats for private users and companies. More than 60.000 companies and millions of users trust Malwarebyte's innovative machine learning solutions and its security researchers to avert emerging threats and eliminate malware that antiquated security solutions fail to detect. You can find more information at www.malwarebytes.com.