BlackCat Pounces in December

Written by Edward Gately
January 20, 2023

Ransomware activity from cyber threat actor BlackCat surged 100% last month with the highest number of attacks the criminal group has undertaken in a single month.

This is according to the NCC Group’s latest Threat Pulse research report. It examines ransomware attacks during December.

Among other key findings:

There were 269 ransomware attacks in December, a 2% increase over November (265 attacks).
This increase contradicts the patterns observed in 2021 in which November to December experienced a decrease, attributed to a slowdown during the holiday period.
We’re approaching the highest number of ransomware victims since the peaks reached in March and April of 2022. This indicates major growth since the summer and autumn months.
Lockbit 3.0 regained its leading position, accounting for 19% of attacks, followed by BianLain (12%) and BlackCat (11%).
BianLain saw a 113% increase in ransomware activity in December over November. The group encrypts victim devices with alarming efficiency, making them a particularly dangerous variant.
Play, another threat actor first discovered last July, launched activity displaying a particular interest in the government sector with four victims (15%), rarely seen with ransomware groups due to the law enforcement crackdown that it incites.

Threat actors BianLain are adopting a new approach to publishing on their leak sites, releasing victim names in stages, using asterisks or question marks as a censor. NCC Group threat intelligence suspects this is in a bid to prompt organizations into payment, slowly releasing their names in full when payments are not made. Researchers have seen two threat actors use this technique so far, and say it may become a prominent feature of the hack and leak world in 2023.

Looking at this month’s sector trends, consumer cyclicals (44%) and industrials (25%), remain the top two most targeted sectors for ransomware attacks. Technology (11%) experienced 34 ransomware incidents, a 21% increase from the 28 attacks reported in November.

Matt Hull is NCC Group’s global head of threat intelligence.

“Although December saw some stability in the volume of ransomware attacks, this was a deviation from what we normally observe,” he said. “Over the seasonal period, we have come to expect a downturn in the volume of attacks, as demonstrated by the 37% decrease at the same time last year.”

Tags:

Edward Gately

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.