NCC Group’s monthly report on cyber threats features some curious news, namely the alleged closure of ransomware group Conti and the strengthening of the Lockbit 2.0 gang.
Conti, a notorious Russian ransomware gang responsible for the attack on Irish medical institutions last year, is believed to be disbanded after the internal correspondence of the gang members got into the possession of journalists. Later on (in March,) the source code of the ransomware used by the group also got leaked. Conti, originating in Russia, previously declared its support of the Russian government regarding the invasion of Ukraine. The group’s Jabber-servers were hacked, and chats were published after that. Later, two websites used by the group to communicate with victims and leak data ceased working.
However, specialists don’t expect the group to disappear. Many former Conti members founded new groups or joined the existing ones even before the gang stopped working. The known ransomware crews where Conti gangsters found their places include BlackCat, Hive, AvosLocker, HelloKitty, Quantum, and others. There are also non-encoding extortion businesses founded by other Conty participants: Karakurt, BlackByte, and Bazarcall Collective. Thus, only brand is gone, but the malefactors will hardly change their ways.
May showed an 18% decrease in ransomware activity compared to April. As before, the most attacked sectors were the industrial sector, consumer cyclicals, and technology (31%, 22%, and 10% of attacks, respectively.) Lockbit 2.0 remained the most raging ransomware actor in May, with not less than 95 victims on its account (40% of cases.) The mentioned Conti was also active alongside Hive and recently emerged Black Basta (17 cases, 7%.) The total number of ransomware attacks in May amounted to 236 (against April’s 289.)
NCC Group is a British information security advisor company based in Manchester. With over 15 thousand clients worldwide, NCC Group is presented on the London Stock Exchange and is one of the constituents of the FTSE 250 Index. Every months, the company issues a “Threat Pulse” – a comprehensive report on the world’s cyber threat landscape.