Ransomware up 30%, SME preferred target of hackers

This is stated by the new Swascan report, according to which globally 707 targets were hit from January to March 2022, with Italy the fourth country among the most targeted. And here comes the ranking of the 15 most active cybergang: LockBit at the top 22 Jul 2022 Veronica Balocco

The number of companies victims of ransomware is growing: 707 targets were attacked in 62 countries in the second quarter of 2022, with Italy the fourth country among the most targeted in the world. This figure grew by 37% over the same period of 2021 and 30% on the previous quarter, with a significant increase in the number of small and medium-sized enterprises involved: 72% of companies victims of data exfiltration accompanied by ransom demands have a turnover of less than 250 million dollars. This is the result of the raid on the web of the first fifteen most active cybergangs in the second quarter of 2022, according to the "Gang Ransomware Q2" report (DOWNLOAD HERE THE FULL REPORT) prepared by the Soc and Threat Intelligence team of Swascan. An analysis conducted through the proprietary cyber threat intelligence platform and released online on the website of the Italian cybersecurity company belonging to the Tinexta Group. The report, unique in its kind for the amount of data and continuity of analysis, provides an updated map of cybercriminal activity on the net in the fifth month of the Ukrainian conflict. Index of topics • SMEs increasingly targeted by cybercriminals • The ranking of the most active cybergang: LockBit in first place • Increasingly sophisticated attack technologies: vulnerable SMEs SMEs increasingly targeted by cybercriminals "In the second quarter of 2022 – as reported in the report by the CEO of Swascan, Pierguido Iezzi – a significant increase in ransomware attacks was observed, mainly due to a spike in activity by one of the most prolific group, LockBit, which reaches an average of 6.6 victims per day, definitively surpassing the Conti gang. In April, three new ransomware gangs emerged: Onyx, Mindware and Black Basta. At the same time, we saw the unwelcome return of Revil, one of the most dangerous groups in the world, while Conti gradually disappeared, with some of its leaders transiting into other gangs. The service industry is the most affected sector and the United States the most attacked country. However, the trend is also growing in Western Europe, where Germany is in first place, while Italy falls to fourth position in the ranking. Finally – concludes Iezzi – if last year ransomware attacks against large organizations were on the rise, in 2022 we note an increase in attacks against SMEs. A target often extremely easy prey for criminal hackers, because they do not adopt adequate security measures as they are less equipped to deal with cyber threats. At the same time, they are interesting targets because they provide companies that are more attractive in terms of size: if we want, they represent a secondary "door" to much more important supply chains, often completely devoid of cybersecurity solutions". The ranking of the most active cybergangs: LockBit in first place Scrolling through the ranking of the most active cybergangs in the second quarter of 2022, in first place with over 200 attacks scored, stands out the Russian LockBit, born in June 2019 and in clear progression since the beginning of the year, which scores 30.2% of all ransomware attacks of the period examined. In second, third and fourth place – each with more or less 50 attacks to its credit – we find Alpvh / BlackCat, gang of unknown origin, Black Basta and Conti: the latter, in June no longer active, with a total of 180 million dollars of extortion from its victims in 2021 was considered the most dangerous in the world until the beginning of the conflict, when, openly siding with pro-Putin positions, he suffered a serious defection with important leaks concerning his criminal activity. Increasingly sophisticated attack technologies: vulnerable SMEs The report then analyzes the specifics of the most important gangs, considering in particular the criminal marketing techniques of the emerging LockBit; examines the geographical distribution of the victims of the attacks, evaluating the role of the United States and Europe; finally, analyzes the type of companies affected, classifying them according to turnover and the reference business. "According to statistics – considers Iezzi in this last regard – a large part of the victims affected by ransomware are medium-small companies. Criminal hackers have intensified their research and techniques, introducing increasingly targeted and sophisticated attack technologies. We are used to reading in the newspapers the news of cyber attacks against large companies: however, if on the one hand large companies have a greater economic availability, they are also the same ones that implement structured cybersecurity solutions. SMEs – concludes the CEO of Swascan – on the other hand are much more vulnerable, also due to the lower economic availability and at the same time have access information or data of their suppliers available and therefore a starting point for new attacks. It is no coincidence that in Q2 we saw an increase in attacks against service companies, more exposed in terms of defense tools, as mentioned, but also for their strategic position within the supply chains".