The Global Resilience Federation (GRF) has released its Semiannual Ransomware Report for January to June 2022. The report tracks attacks based on public sources and conversations of threat actors in closed forums. Analysts compiled data on 1,100+ incidents in the first half of 2022.
The report analyzes the impacts of major ransomware events and outcomes that have shaped the cyber security landscape for the first half of 2022, as well as probable trends and future activity.
Key findings include:
- Critical manufacturing, professional services, commercial facilities, and transportation systems were the top four targeted sectors in the first half of this year. The rise of attacks on transportation systems comes as no surprise given the sector’s importance in global supply chains and its current challenges.
- Ransomware attacks in the first half of 2022 were primarily driven by LockBit 2.0 and Conti ransomware.
- Almost 50 percent of all ransomware activity was directed at the United States.
- GRF analysts predict with medium confidence that LockBit will continue to be the leading Ransomware as-a-Service group (RaaS) in the second half of 2022. This is due to their strategic approach to targeting, avoiding what other groups would consider high value targets.
- Ransomware actors have started to use their malware to move laterally across networks instead of conducting an initial compromise.
- With more attacks being carried out through single use infrastructure, analysts have confirmed that threat actors are investing in concealing and obfuscating attacks, blurring the lines between nation-state and criminal operations.