US becomes the primary target for all ransomware attacks

It’s no secret that ransomware attacks have become a common phenomenon over the past few years, with several companies and organisations falling for it. However, a new report from cybersecurity firm Malwarebytes now highlights the true scale of this pandemic, indicating a staggering 75% increase in ransomware attacks compared to the previous year, with the US accounting for more than 43% of the reported incidents.

While countries like Germany, France, and the UK also experienced a rise in ransomware attacks, they pale in comparison to the numbers faced by the US. This is because, within the observed period, the US suffered a total of 1462 ransomware attacks from 48 different ransomware groups, targeting companies, government entities, and regular consumers. And more recently, the attackers targeted the US healthcare system, rendering several hospitals and medical facilities inoperative on Thursday.

When talking about other countries on the list, the United Kingdom emerged as the second-most targeted country, experiencing nearly 200 ransomware attacks, and Germany remained the fourth most attacked country globally and the most targeted nation outside English-speaking territories. However, France faced the highest number of attacks on its government sector.

New CLOP group

Although LockBit had been the dominant “Ransomware-as-a-Service” (RaaS) provider in the US for over a year, a new CLOP group with ties to Russia has recently emerged. Over the past year, this group has exploited two separate zero-day vulnerabilities in GoAnywhere MFT and MOVEit Transfer to breach servers of numerous companies, including the largest US pension fund.

“The use of zero-day vulnerabilities by ransomware groups like CL0P may trigger a significant shift in ransomware strategies, mirroring the adoption of the “double extortion” tactic in 2019,” reads the report.

However, this report once again highlights the importance of implementing stringent security measures for organizations. This includes conducting comprehensive security assessments, prioritizing regular software updates, and investing in reliable cybersecurity solutions.