Healthcare Ransomware Threat High Despite Slight Downturn in Attacks in Q3
There was a slight downturn in ransomware attacks in Q3, although it is too early to tell if that downward trend will continue. Even with the reduction in attacks, ransomware is still the biggest cyber threat faced by organizations, and the attacks are among the costliest cybersecurity incidents to mitigate. Attacks on the healthcare industry continue to be conducted in high numbers, with several groups targeting the sector, even though the attacks have the potential to result in loss of life.
Guidepoint Security’s Research and Intelligence Team (GRIT) has been tracking the activity of ransomware gangs and identified 27 active ransomware groups in Q3, a slight decrease from Q2 when there were 30 groups conducting attacks. In Q3, there were 568 publicly posted ransomware victims – a 2.2% decrease from the 581 victims publicly posted in Q2. In Q3, new victims were publicly posted at a rate of 6.24 per day. Of course, there are some caveats with these findings. Some ransomware groups do not add all of their victims to their data leak sites, and some offer not to publicly release any information about an attack if the ransom is paid promptly. That said, figures published by the ransomware remediation firm Coveware indicate the number of organizations paying ransoms is declining.
The report shows that the ransomware threat is greatest in the United States, which is the most targeted country with 38.9% of total victims, followed by France (6.2%), and the United Kingdom (5.6%). Attacks in Spain increased significantly in Q3, which saw the country rise to 4th spot with 4.9% of attacks. Attacks are also being conducted more widely, with 16 countries targeted for the first time this year in Q3, and 6 of those countries targeted for the first time ever.
The most prolific ransomware groups in Q3 were LockBit, BlackBasta, Hive, AlphV, Bianlian, and Vice Society, with LockBit by far the most prolific operation. LockBit is known to target the healthcare sector, and a warning about the group was recently issued by the Health Sector Cybersecurity Coordination Sector (HC3). The group increased the number of attacks in September compared to the previous two months, and accounted for 42% of all publicly posted victims, increasing from 211 victims in Q2 to 235 in Q3.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Blackbasta was the second most prolific group and there was a 32% increase in victims in Q3, with Hive in third place with attacks increasing by 104% in the quarter. A warning was also issued by HC3 about Hive recently. Hive actively targets the healthcare industry, with 12.8% of its victims in the healthcare and public health (HPH) sector – twice the percentage of HPH sector victims as LockBit. While the healthcare industry is actively targeted by several ransomware groups such as LockBit and Hive, some choose not to attack the sector. Even so, the industry ranked third in terms of victim count in Q3, with LockBit, Hive, and BianLian claiming the highest number of victims. Manufacturing ranked first for publicly posted victims, with technology ranking second.
So far this year, 44 ransomware groups have been observed conducting attacks, and there have been 1,846 publicly posted victims. 8 new ransomware operations emerged in Q3, including Sparta, which made the top 10 in terms of the number of victims. The group has so far conducted all of its attacks on organizations in Spain. Combined, two previously highly active groups, Vice Society and Quantum, decreased attacks by 48% and 57% respectively in Q3.
