Ransomware activity rose by a fifth in the last quarter, according to a report from security firm Digital Shadows.
The company, which monitors almost 90 data leak sites on the dark web, observed ransomware groups name 705 victims in Q2 2022, representing a 21% increase over last quarter’s 582. This was a resurgence in activity following a 25.3% decline quarter-on-quarter during Q1.
The LockBit ransomware group overtook Conti in victim numbers as Conti ceased operations following the leak of internal chat logs. Conti had reached almost 900 victims during its operations, but LockBit is now closing in on 1000 after a 13% growth in activity during the quarter.
LockBit also continued to innovate, releasing version 3 of its ransomware with new features, including support for payments using the Zcash cryptocurrency. It also launched a reward program for any information on high-value targets, along with a data leak site that allows anyone to purchase victim data.
At around 230, Lockbit’s quarterly victim numbers far exceeded any other group in Q2. It was accountable for almost a third of all postings to leak sites in Q2. Conti, which had limped along for several weeks after its own data leak, managed just over 50. In third place was Alphv, which grew 118% during the quarter. Basta came in fourth.
Some other smaller groups are also growing rapidly, according to the report. Vice Society, in fifth place this quarter, doubled its activity.
Industrial goods and services was by far the hardest hit sector in Q2, accounting for almost a fifth of all attacks at 18.4%. Technology cane second, at 8.7%, followed by construction (7.9%), healthcare (6.4%), and government (5.5%).
The US was the most targeted region, accounting for almost 40% of all incidents. Germany and the UK followed in second and third place.