NCC Group Reports: September’s Alarming Ransomware Spike

AvosLocker ransomware

Despite increasing efforts from law enforcement and investigators, the surge in cyber extortion operations remains unabated. The number of victims continues to grow as emerging cybercriminal factions demonstrate a relentless determination to achieve their nefarious objectives.

According to a recently published report by the NCC Group, this past September marked a historic peak in ransomware incidents. The month witnessed a staggering 514 attacks, an increase of 32% from August of the same year. When juxtaposed with the corresponding period in 2022, the upsurge is a dramatic 153%.

AvosLocker ransomware

In a prior assessment, experts from the NCC Group speculated that the annual count for ransomware onslaughts might slightly exceed 4,000. However, the current year’s recorded incidents have already reached a startling 3,500, suggesting the year-end figures might significantly surpass anticipated projections.

Among the most fervent factions orchestrating ransomware attacks in September 2023, the dominant contenders include:

  • LockBit 3.0 with 79 onslaughts;
  • LostTrust claiming 53;
  • ALPHV/BlackCat with 47; and
  • RansomedVC, responsible for 44.

The NCC Group paid particular heed to RansomedVC. This faction only began its operations in August 2023 and introduced an innovative extortion method based on fabricated GDPR fine reports linked to network vulnerabilities. Notably, RansomedVC previously claimed accountability for the breach in Sony’s networks in September.

The NCC Group’s dossier also highlights the sectors most frequently targeted in September, elucidating:

  • Industries including construction, engineering, and services bore the brunt, suffering 40% of the attacks;
  • Consumer sectors like retail, media, and hospitality encountered 18%; and
  • The technology sector was the target of 10% of these cyber onslaughts.

The escalating volume of cyber extortion attacks underscores that criminals are undeterred by law enforcement and are ceaselessly innovating methods to besiege corporations.

For fortification, organizations must place paramount emphasis on cybersecurity, ensuring consistent software updates, rigorous data backup processes, and comprehensive employee training. Only a holistic strategy will mitigate the risk of falling prey to these ransom-seeking cartels.