Sales: 0845 470 4001 | Support: 0845 230 6001 | Contact Form | NPS

Ransomware attacks skyrocket, with LockBit 3.0 at the forefront

Newly-released research indicates that ransomware attacks reached a record high in May, with the surge primarily fueled by a massive increase in the number of attacks perpetrated by the LockBit ransomware group and its affiliates.

In all, according to the study by researchers at NCC Group, LockBit accounted last month for 37% of all recorded ransomware attacks.

The number of reports of LockBit 3.0, the current incarnation of the notorious ransomware, had been toppled from its eight-month long reign at the top of the ransomware charts in April, with only 23 attacks reported.

However, during May reports of LockBit attacks rocketed a "staggering" 665% to 176.

All of which suggests that LockBit's relative dormancy in March was sadly temporary.

Why was LockBit so quiet? Because in February the group's infrastructure was disrupted by international law enforcement in a high-profile operation which saw the criminal enterprise compromised, and intelligence to be gathered about its administrators and network of affiliates

A $10 million reward was subsequently offered for information leading to the arrest and/or conviction of LockBit's mastermind, Dmitry Yuryevich Khoroshev.

At the time it looked like the end of the road for the LockBit ransomware gang, and that - despite the bravado displayed by the group's administrator in interviews, which included denials that he was Dmitry Khoroshev - its days as a criminal operation were numbered.

What we do know is that Khoroshev has not been apprehended by the authorities. And LockBit is still claiming to be stealing data from major organisations, and demanding large ransoms.

Despite the law enforcement action, it is possible that LockBit has not just been able to retain some of its more successful affiliates, but has also actually managed to attract new criminal partners. 

"Following the takedown of LockBit 3.0 earlier this year, speculation has swirled around whether the group would simply dissolve, as we've seen with other threat groups like Hive," explained Matt Hull of NCC Group. "However, the current surge in victim numbers suggests a different story. It's possible that amidst law enforcement action, LockBit not only retained its most skilled affiliates but also attracted new ones, signalling their determination to persist. Alternatively, the group might be inflating their numbers to conceal the true state of their organisation."

One thing is certain. Globally ransomware remains a major and rising problem, that all organisations need to protect themselves against.

Ensure that your company is acting proactively - taking measures to reduce the chances of becoming the next ransomware statistic. It's not a case of whether your business will ever find itself at the sharp end of a cyber attack, but when.

Make sure your business is properly prepared by reading our step-by-step guide on ransomware remediation.

Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

Related Posts