The number of ransomware victims in the second quarter was over a third lower than Q1 2022, thanks in part to the halt in operations from the prolific Conti group, according to GuidePoint Security.
The firm’s quarterly ransomware report was based on data obtained from publicly available resources, including postings by threat groups on their data leak sites. In the second quarter, the vendor tracked 30 ransomware groups and 581 publicly posted victims.
“The dissolution of Conti as an actively operating ransomware group in Q2 meant the group only claimed 41 victims, compared to 103 in Q1 2022 which contributed to the decrease in total victims for the quarter,” it explained.
“The GuidePoint Research and Intelligence Team (GRIT) also observed a steep decrease in claimed victims from the Clop ransomware group, with only 11 posts this quarter, compared to 173 throughout the first quarter of 2022.”
However, the news will be scant comfort for manufacturing sector organizations, which bore the brunt of attacks in the quarter. Together with those in the construction sector, in third place, they accounted for 20% of all victims in the period. Technology firms comprised the second highest number of corporate victims.
Drew Schmitt, GRIT operations lead at GuidePoint Security, explained that manufacturing and construction were hit hard by the Lockbit and Black Basta groups. The former underwent a revamp in June, from version 2.0 to 3.0, although Lockbit 2.0 remains the most prolific actor in the year to date.
However, the names attached to many groups may be misleading, as they are often connected to the same threat actors. In 2021, Chainalysis was able to connect Hades, WastedLocker, DoppelPaymer, Phoenix and Macaw Locker to the same Evil Corp group which tried to obfuscate its efforts in a bid to evade sanctions.
GRIT claimed there has been “significant fluctuations” in both the number of ransomware victims and threat groups so far this year. However, the expected surge in activity as a result of the war in Ukraine does not appear to have happened as of yet.