Experts say that the amount of ransomware continues to grow
According to NordLocker, a new ransomware group — AlphaVM (Blackcat) — is on the rise. From January 2022 to April 2023, a total of 2,928 ransomware attacks were carried out worldwide. While the majority of these attacks were carried out by LockBit (963 attacks), AlphaVM (Blackcat) was the second most dangerous, with 321 attacks carried out in the same period.
What is the AlphaVM (Blackcat) ransomware group?
Blackcat is a ransomware-as-a-service (RaaS) operation and is one of the most advanced RaaS operations to date. This ransomware is designed to be difficult to uninstall and may attempt to disable antivirus software or other security measures. It can also modify system files and settings to ensure survivability and make recovery from an attack more challenging.
AlphaVM (Blackcat) started operating in November and is one of the most notorious ransomware groups today. Since its inception, the group has carried out 336 attacks worldwide. Typically, the group carries out an average of 10-20 attacks every month, and until April this year, Blackcat’s record was 30 ransomware attacks in February 2023.
Targets of Blackcat
Typically, the victims of this group are large organizations because they are more vulnerable to data leaks or loss. The ransoms are reported to range from US$400K up to $3M, which are required to be paid in cryptocurrencies.
Since its inception, the group has attacked a wide range of industries, including construction (12 attacks), finance (12), healthcare (12), transportation(12), retail (11), and manufacturing (10). However, the group’s attacks have mainly targeted the business services (16), tech (14), and energy (13) sectors.
As expected, the attacks are mainly targeted against US companies — 133 attacks since November 2021. However, Blackcat operates worldwide, with attacks counted in 37 countries. The other most attacked countries are Canada (31 attack records), the UK (11), Australia (9), Italy (9), and Germany (8).
Record-breaking month
In April 2023, Blackcat carried out a record number of ransomware attacks, the most since its inception — 53 attacks. This is a huge increase. The group’s attacks in other months were noticeably lower. For example, the group carried out 15 attacks in January, 30 in February, and 28 in March.
In April, as usual, US companies were attacked the most — 18 times. Germany suffered two attacks, and ten other countries were attacked.
The attackers targeted various industries, including real estate (3 attacks) and transportation equipment manufacturing companies (3). Other types of companies were in the energy (2 attacks), legal (2), retail (2), and 18 other sectors.
The majority of the companies attacked were in the private sector, but the group also managed to attack three public-sector companies in the Netherlands, Germany, and Egypt.
When it comes to the victims, the group is not picky — Blackcat’s targets range anywhere from a large American integrated oil and gas company with 40 thousand employees to a Brazilian logistics company employing only 3 people.
How to protect yourself against ransomware
Ransomware is one of the most common cyber threats facing companies today. While ransomware attacks will only increase in the coming years, you have ways to protect your data, sensitive information, and company reputation.
“Most ransomware attacks on businesses are a result of the human factor. Cybercriminals do not solely use technology — they also gather information and use various psychological tactics, such as social engineering. To avoid falling into these traps, companies need to educate their employees. All employees. Regularly,” says Aivaras Vencevičius, head of product for NordLocker.
“Other key points for cybersecurity must include proper file hygiene, encryption and backups, up-to-date software, and zero-trust network access,”
Vencevičius
Methodology: Data was collected from publicly available blogs where ransomware gangs post the names of their victims and their demands. The ransomware attacks under investigation all happened during the period between 01/01/2020 to 30/04/2023.