Israeli cyber-intelligence specialist, KELA published its Q1 ransomware report. During that period, the company was able to identify more than 150 network access victims. The report says that the gangs are using a new method, which includes publishing the victim without its name. The report also shows that the number of ransomware victims dropped to 698 from 982 previous quarter. KELA also stated that the average sales cycle for network access is 1.75 days.
The number of victims dropped by 40%
Some ransomware gangs are using a new method which includes publishing the ransomware without mentioning the organization’s name.
KELA stated that the most prolific ransomware groups of Q1 were LockBit, Conti, Alphv, Hive, and Karakurt, with more than 30 victims disclosed by each operation. LockBit became the most active gang and it is still continuing its evolution as one of the most prominent operations. In the quarter, the group disclosed 226 victims. During the first quarter, Conti’s activity decreased and became second. One of its members leaked approximately 400,000 messages from different internal chats, along with the source code of their ransomware and other data, providing a glimpse of the operation’s activity and organizational structure.
The top targeted industries were manufacturing & industrial products, professional services, and technology. In the first quarter, with a 40% increase, the finance sector also made it to the top 5.
With approximately 40% of all ransomware attacks, the U.S. was the most targeted country. It is followed by K, Italy, Germany, and Canada. France, which was placed among the top 5 countries in the previous quarter, was replaced by Italy in the first quarter of 2022.
KELA stated that some groups are using a new method, which includes publishing a victim without mentioning the company’s name. Midas published a few victims claiming “a new company” as their victim on their data leak site. When the organization refuses to pay, the gang edits the post and adds the victim’s name.