2 min Security

Return of LockBit 3.0 causes spike in ransomware attacks in May

Return of LockBit 3.0 causes spike in ransomware attacks in May

The return of the infamous ransomware gang LockBit 3.0 has once again caused a spike in ransomware attacks last month. Compared to the month of April, this type of attack increased 32 percent in May.

The monthly survey of the NCC Group’s security specialists shows that the number of ransomware attacks in May 2024 increased by 32 percent compared to April. Overall, hackers caused 470 ransomware attacks, up from 356 in April 2024. Compared to May 2023, -that is, the same period last year-, the number of ransomware attacks increased by 8 percent.

Return of LockBit 3.0

Security researchers say the main cause for this increase is the return of the infamous LockBit 3.0 gang. This ransomware gang was the most prevalent attacker and responsible for 37 percent of all ransomware attacks in the past month, a whopping 665 percent increase month on month.

This very high percentage is because the ransomware gang kept quiet for some time. This was mainly due to pressure from competitors, copycats and the very recent identification of the gang’s suspected Russian leader.

Other highly active ransomware gangs in May 2024 included Play, responsible for 7 percent of all attacks and RansomHub, accounting for 5 percent. Newcomers to the top ten ransomware gangs include Arcus Media, Underground and dAn0n. The latter gang specialises in performing dual extortion methods in ransomware attacks on businesses (encrypting data + stealing it and threatening to publish or sell the data).

Other results

The May 2024 report by the NCC Group further mentions that most attacks occurred in North America and Europe. The number of attacks on companies in South America is rising sharply, however. Industrial companies were the prime target, followed by organisations in the technology and consumer sectors.

Also read: Russian LockBit leader unmasked by authorities