Ransomware, Threat Management, Malware, Data Security

November was the second busiest month for ransomware attacks this year

Share
A soldier participates in a cybersecurity exercise using a laptop computer
A cyber network defender works network defense during Cyber Shield 20 at Fort Indiantown Gap, Pa. (Pennsylvania National Guard)

With LockBit malware claiming attacks on defense giant Thales and German firm Continental, November closed with the distinction of having the second most reported ransomware attacks this year, according to a new report.

In its monthly global ransomware report, cybersecurity company BlackFog said the 42 publicly disclosed ransomware attacks in November is a 180% year-over-year increase. 

The lion’s share of the attacks (86%) used PowerShell, while 89% exfiltrated data. The average payout was just over $258,000, a 13.2% increase from the second quarter of 2022.

The healthcare and manufacturing industries saw the biggest increase by sector at 26% and 25%, respectively, while education (14%) and government (13%) also increased. 

Nearly half of the reported attacks (46%) were on organizations in the United States, while other regions, such as the UK (8%) and Canada (5%), trailed far behind. 

Variants using LockBit led the ransomware pack with a 33% increase in successful attacks, followed by BlackByte and BlackCat with increases of 25% and 14%, respectively.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Related

Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems

Attacks with Wolfsbane commence with the deployment of the 'cron' dropper delivering the KDE desktop component-spoofing launcher, which deactivates SELinux and alters user configuration files before triggering the privacy malware component that has file operation, data theft, and system manipulation command support, an analysis from ESET revealed.

ONNX phishing-as-a-service operation disrupted

Organizations in the financial services sector have been primarily targeted by the ONNX, whose Telegram-based operations had been cut off following a court order that allowed Microsoft to transfer the PhaaS platform's infrastructure to its servers, according to Microsoft Digital Crimes Unit Assistant General Counsel Steven Masada.

Related Events

Related Terms

BitCovert ChannelsCryptanalysisCyclic Redundancy Check (CRC)DecryptionDeepfakeDefacementDiffie-HellmanDigital Signature Standard (DSS)Disruption

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.