Without Conti on the Scene, LockBit 2.0 Leads Ransomware Attacks

Analysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup.

Dark Reading Staff, Dark Reading

June 24, 2022

1 Min Read
locked laptop to illustrate ransomware
Source: the lightwriter via Alamy

A 18% drop in ransomware attacks in May is probably the result of Conti's shutdown, but the actors are regrouping under other brands, including KaraKurt, Black Byte, Hive, and Black Basta, analysts said. 

The latest report from NCC Group's threat intelligence team shows LockBit 2.0 maintained its top spot among ransomware groups, launching 40% of all attacks in May. Black Basta, which was discovered in April, along with Hive were behind 7% of attacks last month. 

“Conti’s possible shutdown represents a significant change for the ransomware threat landscape, and it cannot go ignored," said Matt Hull, global lead for strategic threat intelligence at NCC Group, in a statement announcing the ransomware attack report findings. "It will be interesting to see which smaller groups replace it as it rebrands, and how these new or evolved actors will behave – which NCC Group will of course continue to monitor.”

The findings also show industrial and critical infrastructure remain an attractive target. The sector was on the receiving end of 31% of attacks in May, followed by consumer cyclicals at 22% and technology at 12%. 

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights