According to a report from the NCC Group’s threat intelligence team, LockBit 2.0 has continued to be the top infecting ransomware group, with 40% of May’s attacks being carried out by them, followed by Hive and Black Basta, totaling 7%. May saw an 18% drop in attacks, which is likely due to the shutdown of Conti ransomware. As the group rebrands and begins to work with other smaller groups, it will be an interesting shift to see if any of the smaller brands will begin to make up for the decline in attacks. The findings also show that industrial and critical infrastructure remain one of the most attractive targets.
As ransomware continues to be a threat to all organizations and industries, it is important to stay up to date on what the threat groups are doing and who they are affecting. Companies should also stay up to date on their response plans and defenses to ensure they are all still active and relevant. When it comes to ransomware, a defense in depth strategy should be used, along with best practices such as maintaining backups and training employees on how to spot phishing emails.