Fifty-eight percent of all ransomware attacks during the first three months of 2022 have been attributed to the LockBit 2.0 and Conti ransomware gangs, with the former accounting for nearly twice as many attacks as Conti, reports ZDNet.
More than 200 LockBit 2.0 victims already had their information leaked in the first quarter, which is the highest so far this year. Conti's internal chat logs were leaked after the group expressed support for Russia's invasion of Ukraine, but its operators have continued their attacks, a Digital Shadows report revealed.
"Conti has shown no signs of slowing down since the chat logs and source code leak. However, the leak is a blow to the group's reputation, and could therefore affect its ability to attract new affiliates and have a long-term impact on its ability to grow," said Digital Shadows Senior Cyber Threat Intelligence Analyst Ivan Righi.
Digital Shadows also noted that while the PYSA and REvil ransomware groups have disappeared, new operations, including Night Sky, Sugar, Stormous, Zeon, x001xs, and Pandora, have emerged since the year began.
"Regardless of the external factors and shifts in targeting, ransomware is likely to remain one of the biggest threats to organizations worldwide over the next quarter," Righi said.