Ransomware activity in September reached unprecedented levels following a relative lull in August that was still way above regular standards for summer months.
According to NCC Group data, ransomware groups launched 514 attacks in September. This surpasses March 2023 activity, which counted 459 attacks, and was heavily skewed by Clop’s Fortra GoAnywhere data theft attacks.
Clop had virtually no activity in September, which may be a sign the sophisticated ransomware gang is preparing for its next big attack.
However, the record was achieved by other threat groups, led by LockBit 3.0 (79 attacks), LostTrust (53), and BlackCat (47).
LostTrust is a new threat actor in the list, making a dynamic entrance straight to second place.
Believed to be a rebrand of MetaEncryptor due to significant code overlaps, LostTrust has already encrypted the networks of many organizations, some of whom experienced data leaks, too.
RansomedVC, a newcomer in extortion attacks employing GDPR reporting threats, is in NCC’s fourth place with 44 attacks. However, it should be noted that some of the attacks claimed by Ransomed were later found to be exaggerated.