Ransomware activity increased in February according to the latest GRIT Ransomware Report from GuidePoint Security. The report is based on data collected by the GuidePoint Research and Intelligence Team, which reports a 51.5% increase in attacks compared to January and a 15.8% increase in attacks compared to February 2022.

The LockBit 3.0 ransomware group was particularly active in February, posting more than twice the number of victims (129) on its leak site as January (50), accounting for virtually all of the monthly increase in attacks. ALPHV/BlackCat also listed more victims (30) on its data leak site than January (21), with Royal and BinLian in the third and fourth spots. Medusa completed the top 5. There was a 21% decrease in Royal ransomware victims compared to January, but a massive 400% increase in BianLian victims. According to the cybersecurity firm Redacted, the BianLian group appears to have changed tactics and is now increasingly monetizing its breaches without using file encryption and is concentrating on extortion after stealing data.

While the healthcare industry is often targeted by ransomware gangs, there was a shift in the industries targeted by ransomware groups in February, with a marked increase in attacks on the food and beverage, banking/financial services, and engineering industries. The GRIT team reports that healthcare was the 7^th most targeted sector out of 10 sectors tracked. While the most active ransomware groups do not appear to be primarily targeting the healthcare industry, there are many smaller ransomware groups that are steadily conducting attacks and GuidePoint Security has warned that these smaller groups, which often break away from larger ransomware groups, are more likely than the larger groups to actively target the healthcare sector.

The researchers also drew attention to the Royal ransomware group, which is a relatively new addition to the threat landscape having only been in operation since September 2022. The group has conducted at least 97 attacks since then but there is concern that activity will increase. Royal is believed to include members from other ransomware operations such as Conti and the group is thought to have considerable experience in conducting ransomware attacks. Recently, the Health Sector Cybersecurity Coordination Center issued a warning about Royal ransomware and said the group poses a threat to the healthcare and public health sector. Royal was behind the recent ransomware attack on the medical device manufacturer Revenetics, although the majority of the group’s victims so far have been in the technology sector

As was the case in January, the majority of attacks were on targets in the United States, which experienced 62 attacks in January and 117 attacks in February, although attacks were more geographically spread last month and occurred in 48 countries compared to 38 in January.

The post Ransomware Attacks Increased by More Than 51% in February appeared first on HIPAA Journal.