NCC Group published its monthly threat puls for April. The report pinpoints a ransomware group who were inactive for several months. The gang, CL0P made an unexpected return. While the group was one of the least active threat actors in March, it became the fourth most active in April.
21 victims

The most targeted sector of CL0P was industrials, with 45% of the gang’s attacks. The second was technology with 27%. The gang’s target sectors align with Lockbit and Conti’s sector targeting, with a slight increase in the technology sector. NCC Group also stated that it is hard to predict whether CL0P attacks will continue to increase or not. Matt Hull, global lead for strategic threat intelligence at NCC Group said,
« Although ransomware attacks appear to have steadied, the number of attacks in April is still relatively high compared with previous years. It is still critical that organizations, especially within the most highly targeted sectors, remain vigilant, and prepare themselves with the appropriate security measures.
North America has been the most targeted region of double extortion ransomware attacks for some time now, so organizations in this country should be as stringent as possible with security measures. Although there was a small decline in attacks in Europe, organizations should still remain on high alert to the risk of ransomware campaigns.
The increase in CL0P’s activity seems to suggest they have returned to the threat landscape. Organizations within CL0P’s most targeted sectors, notably industrials and technology, should consider the threat this ransomware group presents, and be prepared for it. »
NCC Group’s strategic threat intelligence team also stated that the number of victims of ransomware attacks appears to have stabilized this last month. The group observed 288 attacks in April 2022 in total. The most targeted sectors were industrials with 35% of attacks and consumer cyclical with 19% of attacks.
Lockbit 2.0 (103 victims) and Conti (45 victims) remain the most prolific threat actors, victims of CL0P increased massively, from 1 to 21. North America was the most targeted sector with 46% of attacks, followed by Europe, which made up 33% of attacks.