Industry watchers are reporting a noteworthy uptick in ransomware attacks reported in February 2023, according to a recent Computer Weekly article, “Ransomware attacks up 45% in February, LockBit responsible.” There are several factors at play that might explain the surge, but NCC Group’s Global Threat Intelligence Team reports that one particular ransomware agency, LockBit, seems to be at the center of the alarming jump in ransomware incidents. Ransomware providers BlackCat and BianLian were also more active in February.
The article shares that the 240 ransomware attacks NCC recorded for February marks the biggest volume they have ever recorded during this annual period. LockBit accounted for 54% of the February ransomware attacks, or 129. By comparison, the prior month, which included a widely-reported attack on Royal Mail in the UK, saw only 50 attacks.
The article shares that January is typically a quieter month for ransomware attacks, but underscored that the two months combined represent a significant uptick- an indication of how the threat landscape is evolving and threat actors show no signs of reducing ransomware activities.
LockBit, BlackCat and BianLian Top Threat Actors in the February 2023 Surge in Ransomware Attacks
Also noted in the Computer Weekly article, LockBit 3.0 appears to be picking up from the momentum gained during 2022. The company is already leading the way as 2023’s most prevalent threat actor by a notable margin. BlackCat and BianLian round out the top three ransomware actors for the year so far.
The attacks have been especially concerning because they show a high level of skill and knowledge related to operational security. The groups “have really hit their stride in the past few months,” Computer Weekly writes. BianLian has recently shifted its focus to data theft and extortion and away from encryption after a BianLian decryption tool was released last year.
FBI Takedown of Hive Ransomware Operation a Positive Move, But Russian Link Poses a Challenge
As Computer Weekly writes, a coordinated international operation led by the FBI led to the successful takedown of the Hive ransomware operation in late January. The group was able to penetrate Hive’s infrastructure last summer, steal its decryption keys and deliver them to victims. Ultimately, members of the Hive group were sanctioned by the U.S. and the U.K.
The operation may mark a turning point in how international cooperation can help weaken and halt ransomware activity performed by organized groups. Still, because members of Hive are likely protected by Russia, there’s a high likelihood we’ll see fresh rounds of attacks under new outfits.
As mentioned in our last blog on slow-rolling ransomware attacks, the U.S. government seems to be prioritizing a disruption approach to taking down ransomware gangs and other cybercriminals, citing activity like the takedown of cybercrime forums and recovering ransomware payments made by victims to these groups.
Putting Organizations Back in the Driver’s Seat
While no tool available today can fully prevent ransomware, MixMode’s highly advanced artificial intelligence, implemented alongside robust processes and good network hygiene can give organizations unprecedented access to preemptive attack identification.
Find out how MixMode can help your organization gain confidence about mitigating future risks, including ransomware attacks. Reach out to our team to set up a demo today.
Other MixMode Articles You Might Like
Latest Mass Ransomware Attack May Mark New, Slow-Rolling Approach By Threat Actors
What Legacy and Bundled Cybersecurity Tools Miss in Large Network Environments
What is the National Cybersecurity Strategy?
SANS First Look Report: Self-Supervised Learning Cybersecurity Platform for Threat Detection
Top Data Breaches in 2022 and 2023 Point to Increases in Phishing and Ransomware
Webinar On-Demand: Meeting Federal Zero Trust Requirements with Third Wave Artificial Intelligence