Newly-released research indicates that ransomware attacks reached a record high in May, with the surge primarily fueled by a massive increase in the number of attacks perpetrated by the LockBit ransomware group and its affiliates.
In all, according to the study by researchers at NCC Group, LockBit accounted last month for 37% of all recorded ransomware attacks.
The number of reports of LockBit 3.0, the current incarnation of the notorious ransomware, had been toppled from its eight-month long reign at the top of the ransomware charts in April, with only 23 attacks reported.
However, during May reports of LockBit attacks rocketed a "staggering" 665% to 176.
All of which suggests that LockBit's relative dormancy in March was sadly temporary.
Why was LockBit so quiet? Because in February the group's infrastructure was disrupted by international law enforcement in a high-profile operation which saw the criminal enterprise compromised, and intelligence to be gathered about its administrators and network of affiliates
A $10 million reward was subsequently offered for information leading to the arrest and/or conviction of LockBit's mastermind, Dmitry Yuryevich Khoroshev.
At the time it looked like the end of the road for the LockBit ransomware gang, and that - despite the bravado displayed by the group's administrator in interviews, which included denials that he was Dmitry Khoroshev - its days as a criminal operation were numbered.
What we do know is that Khoroshev has not been apprehended by the authorities. And LockBit is still claiming to be stealing data from major organisations, and demanding large ransoms.
Despite the law enforcement action, it is possible that LockBit has not just been able to retain some of its more successful affiliates, but has also actually managed to attract new criminal partners.
"Following the takedown of LockBit 3.0 earlier this year, speculation has swirled around whether the group would simply dissolve, as we've seen with other threat groups like Hive," explained Matt Hull of NCC Group. "However, the current surge in victim numbers suggests a different story. It's possible that amidst law enforcement action, LockBit not only retained its most skilled affiliates but also attracted new ones, signalling their determination to persist. Alternatively, the group might be inflating their numbers to conceal the true state of their organisation."
One thing is certain. Globally ransomware remains a major and rising problem, that all organisations need to protect themselves against.
Ensure that your company is acting proactively - taking measures to reduce the chances of becoming the next ransomware statistic. It's not a case of whether your business will ever find itself at the sharp end of a cyber attack, but when.
Make sure your business is properly prepared by reading our step-by-step guide on ransomware remediation.
Stay Informed
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.
About the author
Graham Cluley is an award-winning cybersecurity public speaker, podcaster, blogger, and analyst. He has been a well-known figure in the cybersecurity industry since the early 1990s when he worked as a programmer, writing the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows.
Since then he has been employed in senior roles by computer security companies such as Sophos and McAfee.
Graham Cluley has given talks about cybersecurity for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.
Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.