NCC’s monthly cyber report shows that Hive has supplanted BlackCat as one of the most prominent ransomware groups.
NCC’s March Cyber Threat Pulse report was officially made available this morning, and found that the rate of ransomware attacks are up and there may be a new threat group to monitor going forward. Ransomware attacks increased over 50% from February to March, and Hive was identified as the third-most active hacking group over the last month.
A new ransomware group to be aware of?
A new hacking collective that has come to the forefront of ransomware is Hive, which supplanted BlackCat in the third-most active group. Hive saw a 188% increase in the number of attacks from February, showing the most growth in rate of attacks during the last month as well. Hive, much like Lockbit 2.0 and Conti, focuses on the industrials sector for a majority (34.6%) of its attacks, but in contrast to those two groups also targeted the area of academic and educational services (15.38%) in its ransomware deployment.
The number of incidents reported in March saw an increase from 185 to 283, or a 53% increase in a one month span. As was the case in February, Lockbit 2.0 and Conti continue to make up the most active threat actors in the last month. Lockbit 2.0 carried out 96 attacks over the period, while Conti was responsible for 71 attacks and a 115% increase in activity in the last month.
This boost from February was attributed by the NCC Group to a slower winter holiday period as the two groups ramped up their rate of attacks back to their usual levels. Both groups primarily have targeted the industries of industrials, such as construction and engineering, along with consumer cyclicals over this period.
SEE: Mobile device security policy (TechRepublic Premium)
Ransomware attacks by region and sector
North America continues to be the most targeted area of the world when it comes to ransomware attacks, as 44% of the incidents reported took place in this region. North America also experienced the biggest increase in the number of attacks, jumping from 78 to 122 reported incidents over the last month. The U.S. specifically saw a 48% increase in the number of ransomware deployments, from 73 to 108, which also accounted for nearly 90% of the total attacks reported in the region.
Following North America, the rate of cyberattacks in Europe fell 5% to 37.9% in March, good for second-place in the world. Lastly, Africa had the greatest percentage increase in attacks (700%) but saw an addition of just seven additional attacks from February (one) to March (eight).
When broken down by sector, industrials continue to be the biggest victimized category when it comes to ransomware attacks. Of all the incidents reported, industrials ranked as 34% of ransomware victims, followed by consumer cyclicals (20.8%). NCC Group expects these two areas to continue being targeted by malicious actors, and urges those in these sectors to be prepared for any potential attacks as the total number of reported incidents continues to rise off the heels of the winter holiday season. The risks posed to both client and customers within these two sectors signals a greater urgency to restore services while limiting potential damage and costs.