RANSOMWARE THREAT LANDSCAPE OVERVIEW

The ransomware threat landscape continued to be very dynamic during the week. Lynx emerged as the new most-active crew with 17 victims. The previously dominant crews, Qilin and Akira, were close behind with 12 victims each, with Incransom having 11 and Safepay having 10. The total number of victims dropped to 102, a huge decline from last week's 119 victims.

The Technology sector had the highest number of hits with 14 victims. Manufacturing and Healthcare were also top targets with 13 and 11 victims, respectively. The majority of attacks (22 victims) were against Unknown industry organizations, which is a trend that continues to conceal the scope of targeting.

The United States remained the most targeted country with 49 victims. This is a relatively high figure, as the second highest was the Unknown location category with 9 victims, followed by Germany with 6.

OBSERVATIONS

• The rise of Lynx to the number one spot reiterates the ransomware ecosystem's dynamic nature. It appears a new player occupies the number one spot weekly, indicating the ongoing rotation of RaaS affiliate activity.
• The change in the most-targeted sector from Manufacturing last week to Technology during the current week illustrates the opportunistic nature of threat groups, which change and shift focus quickly based on witnessed vulnerabilities or economic value.
• The unwavering focus on the United States as the primary target for ransomware attacks remains the most stable trend. The US victim count consistently accounts for nearly half of the total global victim count, which is reflective of the perceived profitability of targeting U.S.-based targets.

RECOMMENDATIONS

• Organizations should implement a strong foundational security posture now more than ever. This involves exhaustive patch management, vulnerability scans, and robust identity and access control.
• Organizations should leverage real-time threat intelligence on the ransomware groups' TTPs (Tactics, Techniques, Procedures), to ensure early detection.
• Organizations in the Technology, Manufacturing, and Healthcare industries must undertake a detailed security control audit with a focus on protecting core operating technology and intellectual property.
• Organizations in the United States should consider additional protective measures, such as enhanced monitoring of network traffic and a comprehensive incident response plan, to mitigate the higher risk of attack.
• Organizations should constantly assess the security posture of suppliers and partners because supply chain compromises are becoming a common way for threat actors to gain access.
• Organizations should practice timely sharing of attack data among industry peers to improve situational awareness and defense coordination.