August Ransomware Roundup

Last updated on May 8th, 2024 at 11:36 pm

Image created in Midjourney. Prompt: Ransomware rodeo.

According to data from eCrime.ch, 390 organizations were listed on ransomware leak sites in August. This is approximately an 18% decrease from July, which saw 478 organizations listed. The top five most targeted sectors in August were law (21), IT (18), construction (15), education (12), and government (11). 

125 of the victim organizations, 32% of the total, were listed by one ransomware gang: LockBit. LockBit was far more prolific than even the second most active gang, Alpha VM, who claimed 38 organizations. Akira, 8Base and Cloaked rounded out the top five most active gangs, with these groups respectively listing 35, 32, and 24 victims.

Exposing LockBit

Image created using Midjourney. Prompt: A decrepit and decaying lock, bold colors, digital art style

LockBit got a taste of its own medicine when John DiMaggio, chief security analyst at Analyst1, exposed some of the gang’s “secrets” in a report released on August 13th. According to DiMaggio, LockBit has had trouble carrying through on its threats to publish stolen company data, thanks to storage and bandwidth problems with its data leak site.

DiMaggio also reported that LockBit may have been hacked, and had been attempting to steal ransomware variants from other criminal groups.

Cl0p gets creative

Image created using Midjourney. Prompt: A hacker sending data on the internet, bold colors, digital art style.

In August, ransomware gang Cl0p, the group behind the MOVEit Transfer hack, started testing out a new way to distribute stolen data.

Ransomware gangs usually publish stolen data on their dark web leak sites, but downloading data from the dark web can be slow. To fix this problem, Cl0p started using torrents to distribute the data. 

A test by Bleeping Computer confirmed the torrents allowed for quicker data transfer. Lawrence Abrams, Editor-in-Chief of Bleeping Computer, also noted torrents are decentralized, making them difficult to shut down. Perhaps this means torrents will become a popular choice for ransomware groups from now on.

White House summit

Image created using Midjourney. Prompt: A group of officials gather around a laptop with a giant padlock on it, bold colors, digital art style

Schools have unfortunately become an attractive target for ransomware gangs. To tackle this problem, in August the Biden Administration held the first K-12 ransomware summit.

At the summit, the administration highlighted a recent FCC proposal to provide $200 million of funding to improve cybersecurity in schools. It also revealed a plan to create a council to improve collaboration between the government and the education sector. Technology companies, including Amazon Web Services, Cloudflare, and Google, are also providing “free or low-cost” resources to assist school districts.

The takeaway

Despite a dip in the number of organizations listed on leak sites in August, ransomware continues to be a big problem. This is bad news for consumers, as it’s often our data that is stolen during these attacks!
