2022 has been a dark year for cybersecurity, with ransomware attacks reaching unprecedented levels in recent months. France is also one of the countries most targeted by ransomware attacks.
Outpost24’s KrakenLabs research team just shared a detailed report on the latest cybercrime trends. The group has taken a particular interest in ransomware attacks, which are believed to have exploded in the past year. In 2022 alone 2363 companies have fallen victim to data breaches by various ransomware groupssome of which are known.
Among them we find, of course LockBit, which has established itself as the most ransomware-generating group in the world. The collective was best known last year for hacking the giant Thales. The group even attacked a children’s hospital before finally issuing a public apology.
LockBit is the leader in ransomware attacks
According to data from KrakenLabs, LockBit alone accounted for 34% of recorded attacks during the year, with an average of about 67 attacks per month, for a total of just over 800 attacks. The group largely dominates the ranking of the most dangerous actors. In comparison, the second group, BlackCat, will have only 215 attacks in 2022, almost four times less.
The band made a lot of noise when it introduces a new version of its malware, titled Lockbit 3.0. It is mainly thanks to him that the collective succeeded in hacking into the post office and leaking the personal data of tens of thousands of customers.
To make matters worse, we learned at the end of the year that the LockBit ransomware had simply leaked onto social networks before hitting the Internet as a free download. Any malicious person can therefore use the malware for his own account, which may therefore explain the popularity of the ransomware compared to its competitors.
In its report, the KrakenLabs team mainly finds that new pirates generally do not remain active for long. It is very likely that some groups of cybercriminals are ultimately motivated only by attacking a single structure, after which they cease all malicious activities.
France in particular is affected by ransomware
KrakenLabs realized that ransomware attacks mainly target Western countries, and France is the fifth most affected country by these cyberattacks. In 2022, 90 attacks were registered in our countryof which no fewer than 55 were performed by LockBit.
While you would expect hackers to target government institutions first, half of attacks occur in so-called “non-critical” sectors. However, one trend dominates: cyber-attacks usually aim to force companies to pay a hefty ransom so that hackers can make a significant profit.
Some groups do not focus on certain sectors, such as healthcare institutions, which are nevertheless considered critical sectors. They are therefore more likely to pay the ransom to unlock their systems, and thus not let their patients suffer from the attack. Last summer, for example, we recall the Hospital Center of the South of Ile-de-France (CHSF), located in Corbeil-Essonnes, which faced a ransom of 10 million dollars. The ransomware had completely shut down the establishment’s services, but the hospital had refused to pay, and the patients’ personal details were eventually shared online.
Some prefer simpler targets, such as in the education sector, such as schools. These are generally less secure due to a lack of investment in cybersecurity measures, or simply a lack of staff within the institutions.
Paying a ransom is not a good idea
At the end of the report, Outpost24 reminds companies affected by ransomware to seek advice from a trusted crisis management team. Not paying the ransom is often the right solution.
Sometimes hackers demand a ransom without having access to the victims’ datatherefore it is important to counter them before access is found.