2022 has been a dark year for cybersecurity, with ransomware attacks reaching unprecedented levels in recent months. France is also one of the countries most targeted by ransomware attacks.
Outpost24’s KrakenLabs research team has just shared a detailed report on the latest cybercrime trends. The group has taken particular interest in ransomware attacks, which presumably exploded in the last year. In 2022 alone, 2363 companies have been victims of data leaks by various ransomware groupssome of which are well known.
Among them, of course, we find LockBit, which has established itself as the most ransomware-generating group in the world. The collective was particularly famous last year for having hacked the giant Thales. The group even attacked a children’s hospital, before finally publicly apologizing.
LockBit is the leader in ransomware attacks
According to data from KrakenLabs, LockBit alone accounted for 34% of attacks recorded during the year, with an average of around 67 attacks per month, for a total of just over 800 attacks. The group largely dominates the ranking of the most dangerous actors. In comparison, the second group, BlackCat, has only 215 attacks in 2022, almost four times less.
The band made a lot of noise when it introduces a new version of its malware, titled Lockbit 3.0. It is in particular thanks to him that the collective had succeeded in hacking the Post Office, thus leaking the personal data of tens of thousands of customers.
To make matters worse, we learned at the end of the year that the LockBit ransomware had simply leaked on social networks, before ending up as a free download on the web. Any malicious actor could therefore use the malware on his own account, which therefore perhaps explains the popularity of the ransomware compared to its competitors.
In its report, the KrakenLabs team notes above all that new pirates generally do not remain active for long. It is very likely that some groups of cybercriminals are ultimately motivated only by attacking a single structure, after which they cease all malicious activity.
France is particularly affected by ransomware
KrakenLabs realized that ransomware attacks particularly target Western countries, and France is the fifth most affected country by these cyberattacks. In 2022, 90 attacks were recorded in our countryof which no less than 55 were performed by LockBit.
While one might expect hackers to target government institutions first, half of the attacks are in so-called “non-critical” sectors. However, one trend dominates: cyberattacks generally aim to make companies pay a substantial ransom, and thus allow hackers to make a significant profit.
Some groups have the ethos of not targeting certain sectors such as healthcare facilities, which are nevertheless considered critical sectors. These are therefore more likely to pay the ransom to unlock their systems, and thus allow their patients not to suffer from the attack. Last summer, we remember for example the southern Ile-de-France hospital center (CHSF), located in Corbeil-Essonnes, which found itself facing a ransom of 10 million dollars. The ransomware had completely paralyzed the services of the establishment, but the hospital had refused to pay, and the patients’ personal data was eventually shared online.
Some prefer simpler targets such as in the education sector, such as schools. These are generally less secure due to a lack of investment in cybersecurity measures, or simply a lack of personnel within the institutions.
Paying the ransom is not a good idea
At the end of its report, Outpost24 reminds businesses affected by ransomware to seek advice from a trusted crisis management team. Not paying the ransom is often the right solution.
Sometimes hackers demand a ransom without having access to the data of the victimswhich is why it is important to counter them before access is found.