RansomHub Leads, Lockbit Declines in Global Ransomware Attacks

Year-on-year numbers of global ransomware attacks have decreased, mainly due to declines in recent months. However, the NCC Group’s Threat Pulse report for July revealed a sharp rise, with attacks jumping from 331 in June to 395 in July – a 20% increase. One reason could be that many IT security professionals, like others, take time off during the summer, presenting an opportunity for cybercriminals to strike.

Notably, a shift may be underway among the top threat actors. Familiar villain Lockbit 3.0 has seen a drop in activity, though it remains significant, registering 37 attacks in July, making it the second most active group. That’s a far cry from the dominance Lockbit once displayed, signaling that global efforts to disrupt the group are having an impact.

RansomHub led the pack, with 43 attacks – up from 27 the month before. This group is gaining momentum, and it will be interesting to see if it soon gets a target on its back like other chief threat actors have.

Credit: NCC Group

Of course, while the biggest players dominate, smaller groups also demand attention. Akira followed closely with 29 attacks, while Hunters claimed 25, Play registered 20, and Meow launched 16. Ransomware is a thriving market where taking down one group only fuels the rise of another.

Related:Linux Ransomware Threats: How Attackers Target Linux Systems

Industries and Regions Most Affected

Industrials remains a favorite among vertical markets, seeing 125 attacks – accounting for one-third of all attacks recorded. These attacks seem more strategic, aiming at critical infrastructure that must stay operational. Threat actors will invest extra time and effort to breach strong defenses because successful attacks can yield a large payday. Additionally, industrial systems often present more access points to exploit. 

Other sectors also saw activity that deserves attention. Consumer Cyclicals came in second, with 48 attacks, most targeting the Hotels and Entertainment subsector. Healthcare suffered 44 attacks, with the UK’s National Health Service particularly vulnerable. 

Regionally, North America was the worst hit, with 56% of total global attacks (220 incidents). Europe experienced 83 attacks, representing 21%, slightly down from the previous month. South America saw an increase, with attacks rising from 14 to 18. Oceania, with only 6% of the total incidents, saw an enormous jump from 10 attacks in June to 22 in July. 

The NCC Group’s Threat Pulse report is produced by a team of threat intelligence professionals who monitor various sources of ransomware data. Data includes leak sites associated with cybercriminal groups, information from companies recently attacked, and the NCC Group’s internal research and analysis.