
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Ransomware Groups are Increasingly Targeting Small Businesses

A new report from Trend Micro shows ransomware attacks have increased by 47% since 2H 2022. While the most prolific ransomware-as-a-service operations continue to go big game hunting, the majority of attacks have been on small businesses where defenses are weaker.

Throughout H1 2023, the most active ransomware groups were LockBit, Clop, and BlackCat, with LockBit behind 1 in 6 ransomware attacks on government agencies in H1 2023. Trend Micro has tracked 522 attacks involving LockBit ransomware, which accounted for 26.09% of all attacks. BlackCat ransomware was used in 212 attacks in H1 2023 (10.59%), and Clop ransomware was used in 202 attacks (10.09%). While there have reportedly been 202 Clop ransomware attacks in H1 2023, Trend Micro said it has not detected any attempted Clop ransomware attacks on its customers in the first half of the year.

Clop was behind two mass exploitation events in H1 2023. The first series of attacks exploited a vulnerability in Fortra’s GoAnywhere file transfer solution in late January, and a second wave of attacks exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer file transfer solution in late May. In the latter series of attacks, at least 1,203 organizations worldwide had data stolen.

While the LockBit and BlackCat groups both conducted several high-profile attacks in H1 2023, including Royal Mail, Ion Group, and Taiwan Semiconductor Manufacturing Company by LockBit affiliates, and attacks on NextGen Healthcare and Reddit by BlackCat actors, these ransomware groups have been increasingly targeting small businesses. In H1 2023, 57.3% of LockBit attacks and 44.8% of BlackCat attacks were on small businesses. Clop has continued to favor attacks on large organizations, which accounted for 50% of its attacks, with only 27.2% of Clop attacks on small businesses.


The overall increase in ransomware attacks on small businesses has been attributed, in part, to a proliferation of ransomware groups, helped by the leaking of the source code of LockBit and Conti ransomware, which allowed cybercriminals to create their own ransomware variants to use in attacks. Trend Micro detected 45 active RaaS and RaaS-related groups in H1 2023, up from 39 in 2H 2022 – an increase of 11.3%.

Based on ransomware file detections per month, the most commonly attacked industries throughout H1 2023 were banking (1,812 attacks), retail (733 attacks), and transportation (859 attacks), with almost half of the attacks targeting U.S. organizations. Globally, the number of victims of ransomware attacks increased by 45.27% from H2 2022. While ransomware attacks have increased, so has the number of extortion-only attacks. Newer groups appear to be favoring data theft and extortion without encryption.

To counter ransomware attacks, Trend Micro recommends enabling multifactor authentication, backing up data regularly following the 3-2-1 rule, ensuring patches are applied promptly, verifying emails before opening them, following established security frameworks, and implementing solutions with network detection and response (NDR) capabilities.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
