GuidePoint Security announced the release of GuidePoint Research and Intelligence Team's (GRIT) Q3 2022 ransomware report. This report is based on data obtained from publicly available resources, including threat groups themselves, and provides an accurate representation of the ransomware threat landscape. In the third quarter, GRIT tracked 27 ransomware groups and 568 publicly posted victims.

The GRIT Ransomware Quarterly Report shows a slight slowdown of ransomware activity from the previous quarter. Despite the Manufacturing industry seeing an 18% drop quarter-over-quarter in public ransomware postings, it still was the most impacted industry, tied with the Technology vertical, which saw a 20% increase in ransomware victims. In the third quarter, from a threat group perspective, Lockbit continued to dominate the activity from Ransomware as a Service groups, and Hive's activity dramatically increased with a 104% rise in publicly posted victims. GRIT also observed eight new ransomware groups emerge this quarter and noted that there has been at least one new ransomware group each month since January 2021.

"For the second quarter in a row, we saw a slight slowdown in ransomware activity, although as many industries are ramping up operations for holiday seasons, we expect to see increased targeting from prolific ransomware groups such as Lockbit, Hive, Blackbasta, and others whose goal is to financially profit from the victims they claim," said Drew Schmitt, GRIT Lead Analyst, GuidePoint Security. "We will continue to monitor ransomware trends to provide increased awareness so that blue teams can focus their efforts on proactively improving their security postures, implementing core cybersecurity concepts, and ensuring that they are ready in case they need to respond to an event."

Key Highlights of the report:

• While the United States continues to be the country most impacted by ransomware threats, 16 countries were targeted for the first time this year, including six for the first time ever.
• While the quarter to quarter trend shows very little change among the top 10 targeted industries, the Hospitality and Insurance industries (not among the top 10) saw large increases in Q3.  
• Lockbit is still by far the most prolific ransomware group maintaining a 42% share of all publicly posted ransomware victims and targeting 48 countries in Q3.
• BlackBasta had a 32% increase in reported victims this quarter and also has shown an affinity for using Qakbot as a means to initiate attacks.
• Hive was the third most active ransomware group, focusing more on Healthcare organizations (12.8% of all reported Hive victims were in Healthcare, twice the rate of Lockbit (6.4%)).
• New to the top 10 ransomware threat actors is Sparta, which only became active in September. The group has only targeted victim organizations in Spain thus far. 

Year to date, 44 total groups have been observed with 1,846 total posted victims. While Q3 continued the same volatility of Q2, the high variability in publicly posted victims in September may be attributable to Sparta's emergence and short-lived rapid posting of victims.

‘As we noted in our Q2 ransomware trends report, our expectation of Lockbit's activity has proven true as the group increased its operations across all industry verticals and countries," said Schmitt. "It will be interesting to see if groups such as Sparta ramp up their operations in Q4."

For more information or to download the report, go to: https://www.guidepointsecurity.com/resources/grit-report-july-sept-2022/