New research has revealed the most prolific ransomware gangs in the month of June and was conducted by researchers unearthing information published by ransomware gangs on their Dark Web sites.
The findings of the investigation shows how the Cl0p ransomware gang had the most occurrences of malware attacks in June. After a period of three months with no activity, Cl0p made a powerful comeback, surpassing LockBit as the most notorious ransomware gang of the month.
Their relentless assault consisted of a staggering 91 known attacks. In June Cl0p made public headlines with their exploitation of a zero-day in MOVEit Transfer, a widely used file transfer software. The gang launched global cyberattacks targeting several US federal government agencies and numerous companies and organizations in the US and the UK.
However this research only reveals attacks where the victim did not pay the ransom, meaning the true number of attacks will be higher, as it does not include those who have paid the ransomware gangs.
June Ransomware Activity
The five most active gangs include (listing their known attacks):
- Cl0p: 91
- Lockbit: 62
- 8BASE: 41
- PLAY: 28
- Akira: 26
Comparing the June ransomware activity report with the earlier months of the year, it becomes evident that there have been significant shifts. Notably, there has been a substantial decrease in the activity of the notorious Royal gang, which has consistently dominated the monthly rankings and frequently secured a spot in the top five.
Typically, they would carry out an average of around 30 attacks per month during that period. However, last month, they only targeted two victims, marking a stark contrast to their usual impact.
The publishers of the research, Malware Bytes, stated “While a sudden dip in attacks isn't too unusual for top ransomware gangs, it's worth mentioning that in last month’s review we speculated that Royal might be going through a rebrand. That's because a new ransomware called BlackSuit had appeared which shared 98 percent of its code with the infamous Royal ransomware.”
Manufacturing Industry Targeted In June by Ransomware Gangs
Furthermore, the research reveals a significant surge in cyberattacks during the month of June, particularly targeting the Manufacturing industry. A staggering 47 attacks were recorded, surpassing the usual average of 20 attacks per month. Additionally, Switzerland and Brazil experienced notable increases in ransomware attacks, with 14 and 13 incidents respectively. This is an alarming spike compared to their typical occurrence of only two or three attacks per month. These findings highlight the growing threat of ransomware and the need for heightened cybersecurity measures in these regions.
According to Malware Bytes, one possible explanation for the surge in ransomware attacks in Brazil and Switzerland is the disproportionate targeting by 8BASE and PLAY respectively. Last month, 8BASE launched 11 attacks in Brazil, while PLAY focused on Switzerland with 5 attacks. This targeting strategy could account for the alarming increase in cyberattacks in these regions.
Finally, the research demonstrated a surge of cyberattacks originating from relatively new ransomware gangs like Akira with 26 recorded attacks and 8Base with 41.
You can read the article and further information about the research conducted here.
