Ransomware Activity Report from 12th October - 18th October 2025

Author

Reinvent Security

Posted: October 20, 2025 • 4 min Read

Between October 12 and October 18, 2025, our threat intelligence service recorded a dramatic rebound in ransomware activity, with 202 victims recorded globally, a 23.2% increase from the previous week's figure. The Qilin ransomware group led the high volume of attacks with 94 victims. Manufacturing was the most-targeted industry with 41 victims, while the United States remained the top-targeted country with 96 victims.

RANSOMWARE THREAT LANDSCAPE OVERVIEW

The reporting period witnessed a surge in ransomware activity with the total number of victims increasing to 202 from 164 in the previous week. Qilin ransomware reclaimed the top spot with 94 victims, 46.5% of the total victim count. Sinobi, Coinbasecartel and Akira followed at a distance with 10 victims each.

Manufacturing became the top-targeted industry with a total of 41 victims (up from 28). Business Services (29 victims) and Healthcare (24 victims) also saw notable activity, with Healthcare (20 victims) becoming part of the top three.

Geographically, the United States maintained its high volume of attacks, witnessing 96 victims. A notable change was the rise in attacks on France, which went from 3 to 17 victims. Canada (11 victims) and Germany (8 victims) also featured in the top-targeted countries.

OBSERVATIONS

  • Qilin Dominance: The 347.6% rise in activity from Qilin is the most notable observation of this reporting period, confirming a major, successful campaign by the group.
  • Targeting of Critical Sectors: The rise in hits against Manufacturing (41 victims) and the appearance of Healthcare (24 victims) within the top three indicate a strong affinity for sectors where system downtime threatens revenue, life, or business-critical operations.
  • Cybersecurity Company Breach: The attack on "SK shieldus" by "blackshrantac" is a notable event. This specific targeting of a mobile and web application security company demonstrates that threat actors are attempting to compromise security firms, likely to obtain proprietary tools or client data, or to damage reputation and undermine trust in security providers.
  • Increased Focus on France as a High-Priority Target: The sudden increase in attacks on France is notable, indicating a new, localized campaign or successful affiliate activity focused on the country.

NEWLY OBSERVED RANSOMWARE GROUPS

The following ransomware groups were observed and reported for the first time during this reporting period:

  • Nasirsecurity
  • Radiant

RECOMMENDATIONS

  • Organizations, especially those in the Manufacturing and Healthcare sectors, must immediately reassess their defenses against the known TTPs of these ransomware groups, with a focus on initial access vectors and lateral movement.
  • Organizations should develop a well-defined incident response plan. This plan should include not only technical recovery steps but also communication and public relations strategies to manage the reputational fallout.
  • Organizations should maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location.
  • Organizations should implement a strong foundational security posture now more than ever. This involves implementation of Multi-Factor Authentication (MFA), exhaustive patch management, vulnerability scans, and robust identity and access control.
  • Organizations in France should increase their security monitoring and incident response readiness, acknowledging the increased threat demonstrated this week.
  • Organizations in the United States should consider additional protective measures, such as enhanced monitoring of network traffic and a comprehensive incident response plan, to mitigate the higher risk of attack.
  • Organizations should constantly assess the security posture of suppliers and partners because supply chain compromises are becoming a common way for threat actors to gain access.
  • Organizations should practice timely sharing of attack data among industry peers to improve situational awareness and defense coordination.