New research suggests that ransomware operators may have given victims a bit of respite over the summer, but now it seems to have ended as the number of attacks has increased again.
In the Avast threat report published in the second quarter of 2022, the number of global ransomware attacks increased by almost a quarter (24%) in just three months (compared to the first quarter of 2022).
The increase, coming after the “months of decline”, was most felt at the end points (opens in a new tab) in Argentina (56% increase), Great Britain (55%), Brazil (50%), France (42%) and India (37%).
Conti breaks up, sends out shock waves
Avast Malware Research Director Jakub Kroustek says there were two main reasons for the decline in the fourth quarter of 2021 and the first quarter of 2022: one was law enforcement ‘intercepting’ members of the ransomware group, and the other was the war on Ukraine.
Although ransomware operators did not exactly replace AK-47 keyboards, their focus has been shifted to help one or the other political agenda.
Conti, the main ransomware operator, was hit the most, recalls Kroustek, saying that group members and partners disagreed on Conti’s stance, resulting in a slowdown or even a complete halt to activity.
“In the second quarter of 2022, the situation changed radically. Conti members branched out to create new ransomware (opens in a new tab) groups such as Black Basta and Karakurt, or they can join other existing groups such as Hive, BlackCat or Quantum, causing an increase in activity, ”he concluded.
When the invasion of Ukraine began for the first time, Conti publicly stated that he supported the Russian regime and threatened to retaliate against anyone who tried to attack the Russian government in cyberspace. This did not suit the Conti troops, many of whom were Ukrainian. Soon, one hacker started exposing Conti’s source code as well as private messages. At the end of May, Conti officially shut down and its members joined many other ransomware groups.