LockBit drives ransomware attacks; ransomware attacks drive inflation

When it comes to reported ransomware attacks, two strains rule the roost: LockBit and BlackCat. According to the newly published State of Ransomware Report from BlackFog, the two were tied “top” when it comes to reported ransomware attacks during November. LockBit, however, pulls ahead when looking at the raw endpoint device data and taking unreported attacks into account.

“November surprised us with the sheer volume of attacks,” says Darren Williams, CEO and Founder of BlackFog, “it was 27% more than the previous best in September.”

With regulatory fines due to be imposed on organisations in the US that don’t report breaches, Williams thinks there will be a trend moving that part of the equation downwards across 2024.

Data exfiltration is one ransomware stat that will remain dominant. “Data exfiltration continues to dominate as the primary mechanism for extortion at 90% with traffic flowing to China at 30% and Russia 9% of the time,” Williams concludes.

LockBit dominant ransomware in the UK

According to another new ransomware intelligence report, this time from ZeroFox, around 20% of all attacks in the UK can be attributed to LockBit.

While this results in the UK making up an increasing proportion of overall Europe-focused targeting, the report reveals that “there is a downward trend in the total number and proportion of its attacks against the region.” It seems that LockBit affiliates are increasingly looking for targets in North America.

The intelligence also suggests that the nature of the relationship between LockBit affiliates and specific initial access brokers, the people that sell compromised credentials for gaining entry to targeted networks, is tightening.

“Sales are increasingly moving towards private, off-forum channels rather than occurring in dark and deep web marketplaces or forums,” ZeroFox says. “LockBit affiliates are likely able to obtain discounts and even be alerted in advance to upcoming accesses that will be listed for sale.”

This makes dark web monitoring less effective as a defensive tool against such threats.

Ransomware driving inflation

The final report in this round-up of the ransomware impact comes courtesy of Veeam. UK-specific and eye-widening in equal measure, the Data Protection Trends Report 2023 suggests that ransomware drives up UK price inflation.

Following a ransomware attack, the Veeam analysis reveals that 68% of businesses were forced to increase their prices, making them, on average, 17% higher.

Some 22% said they had to raise prices by 21-30%, while 6% increased them by 31-40%.

“Ransomware has become an unfortunate part of the business landscape, but despite the worrying nature of these findings, it doesn’t have to equate to business closure or rising costs,” Dan Middleton, a Regional VP at Veeam, says.

But it does require organisations to increasingly focus on data resilience and security posture.

Recommend reading

Avatar photo
Davey Winder

With four decades of experience, Davey is one of the UK's most respected cybersecurity writers and a contributing editor to PC Pro magazine. He is also a senior contributor at Forbes. You can find him at TechFinitive covering all things cybersecurity.