Ransomware Attacks on the Rise: 450 Incidents Recorded in August

Despite many efforts by both private and public sector organizations to combat the rise of ransomware, these initiatives may not be enough. In August, ransomware attacks increased again, compared to the previous month and the same month last year. That’s according to NCC’s Group’s latest Threat Pulse report, which recorded 450 attacks in August—a 14% increase over July.

August also marked a milestone for cybercriminals, as a Fortune 50 company shelled out a $75 million ransom to the Dark Angels ransomware group—nearly double the previous record of $40 million. Unfortunately, such success often encourages more criminal activity. It will be interesting to see how long this new record will last.

In related findings, the cybercriminal group RansomHub continues to dominate as the most active threat actor, responsible for at least 72 attacks, which accounts for 16% of the total. The ambiguously named group Meow follows in second place with 41 attacks. Meanwhile, LockBIt 3.0, which recently fell on hard times, still conducted 29 attacks. Play closely trailed with 27.

Consistent with previous trends, North America remains the primary target among all regions, accounting for 232 attacks—more than half of all incidents. Europe follows, registering 28% of total attacks with 125 incidents. This figure is a warning sign, as it marks a significant increase from 83 attacks in July.

Related:BCDR Basics: A Quick Reference Guide for Business Continuity & Disaster Recovery

Asia and South America also experienced a rise in attacks, reflecting the overall growth in ransomware incidents, though the numbers remain modest. In August, Asia reported 42 attacks, up from 41 in July, while South America saw an increase from 18 to 21. Africa saw a rise, too, going from 10 to 14 attacks.

(Credit: NCC Group) Global ransomware attacks by month

Regarding industry sectors, the Industrial sector remains the most targeted, accounting for 24% of all attacks with 109 incidents. This trend is likely due to the attractiveness of critical infrastructure as a target. The Consumer Cyclicals is now a close second with 104 attacks, while Information Technology and Healthcare share third place with 46 attacks each.

The August edition of Threat Pulse introduces a ‘Spotlight’ section, which focuses on the Summer Olympics in Paris. Global events like the Olympics attract threat actors due its unique combination of high risk and high reward. From ticketing and transportation to complex behind-the-scenes operations, various interconnected systems are involved. With massive financial resources at stake and strict time constraints, there is little room for error, negotiation, or thorough investigation. Securing all aspects of the event while ensuring everything runs smoothly is nearly impossible, especially under the world’s watchful eyes.

Related:Guide To Navigating the Legal Perils After a Cyber Incident

The Threat Pulse report reveals that threat actors extended their attacks beyond events directly connected to the Olympics. Notably, one ransomware attack targeted more than 40 museums, including the Grand Palais.

The report was compiled by a team of NCC Group threat intelligence professionals who continuously monitor ransomware data sources, including cybercriminal data leak websites and information stolen during recent ransomware incidents. The report highlights ransomware activity for the month, providing a breakdown of the findings by region, sector, month, and threat actor, along with an analysis of key events.