Ransomware activity in September reached unprecedented levels following a relative lull in August that was still way above regular standards for summer months.
According to NCC Group data, ransomware groups launched 514 attacks in September. This surpasses March 2023 activity, which
counted 459 attacks, and was heavily skewed by
Clop's MOVEit Transfer data theft attacks.
Clop had virtually no activity in September, which may be a sign the sophisticated ransomware gang is preparing for its next big attack.
However, the record was achieved by other threat groups, led by LockBit 3.0 (79 attacks), LostTrust (53), and BlackCat (47).
LostTrust is a new threat actor in the list, making a dynamic entrance straight to second place.
Believed to be a rebrand of MetaEncryptor due to significant code overlaps,
LostTrust has already encrypted the networks of many organizations, some of whom experienced data leaks, too.
RansomedVC,
a newcomer in extortion attacks employing GDPR reporting threats, is in NCC's fourth place with 44 attacks. However, it should be noted that some of the attacks claimed by Ransomed were later found to be exaggerated.
This means that roughly one out of five attacks in September came from a new ransomware operation, highlighting their aggressiveness and capability for scale.
In terms of targeted regions, North America took the lion's share with 50%, Europe followed with 30%, and Asia was third with 9%.
The most targeted sectors were 'industrials' (construction, engineering, commercial services) with 169 attacks, 'consumer cyclicals' (retail, media, hotels) with 94, technology (software and IT services, networking, telecommunications) with 52, and healthcare with 38.
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}