The IT Nerd

BlackFog has today released the State of Ransomware Report for November. This report contains detailed statistics on the latest ransomware attack tactics, active threat groups, and a breakdown of attacks by countries and industries.

Darren Williams, CEO and Founder, BlackFog, has offered perspectives on the last month of ransomware attacks, below: 

“Another month, another record. November surprised us with the sheer volume of attacks. Not only did it break an all-time record with 89 attacks, it was 27% more than the previous best in September. The unreported to reported ratio continues to remain stable this month at 492% continuing the trend with companies reporting breaches more often. The significant fines now being imposed by regulators will ensure this moves even lower in the coming months. 

The SEC rules require registrants to disclose material cybersecurity incidents they experience within four days and to report on an annual basis material information regarding their cybersecurity risk management, strategy and governance. The orders are effective on or about December 18, 2023. 

We saw the Healthcare and Manufacturing sectors grow significantly with increases of 21% and 20% respectively and the Finance sector by a massive 83%, effectively doubling the number of attacks in only one month. This does not bode well coming into the holiday season with the banks and financial institutions under significant pressure. 

In terms of variants, we see LockBit and BlackCat continue to dominate reported attacks, both at 19.2% each. LockBit also dominates the unreported attacks at 34.9% and BlackCat at 14.2%. As in previous months, data exfiltration continues to dominate as the primary mechanism for extortion at 90% with traffic flowing to China at 30% and Russia 9% of the time.” 

Today’s full report is linked here: https://privacy.blackfog.com/wp-content/uploads/2023/12/BlackFogRansomwareReport-Nov-2023.pdf 

BlackFog has today released the State of Ransomware report for October 2023. As always, please feel free to utilize this report and its data as needed. Additionally, Dr. Darren Williams, CEO and Founder, BlackFog, has offered his perspectives on the State of Ransomware for October 2023, below: 

     “October was the 3rd largest month for ransomware this year with a total of 64 disclosed and 303 undisclosed attacks with a ratio of 473% unreported to reported. This ratio is now one of the lowest we have seen in the last year and a good sign that companies are starting to report breaches rather than hide them. We expect this trend to continue with the recent charges against the SolarWinds CISO by the SEC. 

Other notable changes this month saw the biggest changes in the Services and Government sectors with 33% and 25% increases respectively. Smaller increases were seen in both Healthcare and Manufacturing of 16% and 13% respectively. 

BlackCat and Lockbit continue to dominate the unreported attacks with 18.8% and 16.9% respectively and also correlate with the top trends in unreported variants. As in previous months, data exfiltration continues to dominate as the primary mechanism for extortion at 90% with traffic flowing to China at 32% and Russia 9% of the time.” 

Today’s full report can be found here: https://privacy.blackfog.com/wp-content/uploads/2023/11/BlackFogRansomwareReport-Oct-2023.pdf 

BlackFog today released the State of Ransomware Report for July 2023. BlackFog releases this monthly report containing pertinent information regarding both publicly and non-publicly disclosed cyber attacks. The report also includes statistics on the most attacked countries and industries, as well as prevalent threat groups and attack methods.

 Dr. Darren Williams, CEO and Founder, BlackFog, has also provided commentary on July’s ransomware trends and statistics:    

“This month we continue to see a large volume of attacks, culminating in the highest July in 4 years, with 38 publicly disclosed and 390 undisclosed attacks. This represents a 10-fold difference between unreported versus reported attacks, as we continue to see the effects of the MOVEit exploit.

The most notable change saw healthcare overtake education as the most targeted sector, with a 29% increase in attacks. Education came a close second with 56 reported attacks, while the Government saw a 19% increase from last month. Other sectors remained largely unchanged.

BlackCat and LockBit remain the two dominant variants with 18.4% and 16.8% respectively. As we predicted last month, we saw CLOP overtake BlackCat in the number of unreported attacks due to the MOVEit exploit. We expect this to continue in the coming months as the full extent of this exploitation is realized.

Lastly, exfiltration continues to be the primary weapon of choice for attacks. Leveraging data for extortion contributes to this quarter’s all-time record, with an average payout of US$740,144. China continues to be the main destination for data loss at 41% with Russia at 9%.”

The full report is linked here: https://privacy.blackfog.com/wp-content/uploads/2023/08/BlackFogRansomwareReport-Jul-2023.pdf

BlackFog has released the June State of Ransomware Report.  

Dr Darren Williams, CEO of Blackfog, notes the following:  

“After an all-time record in May, June sees a continuation of this trend with the second highest number of ransomware attacks on record with 46 publicly disclosed, and a record 396 undisclosed attacks. This represents a ratio of 8.6:1 of unreported to reported attacks, or 860% going unreported, fuelled in part by the MOVEit attack and the CLOP ransomware variant.

This month education, healthcare and manufacturing dominated, with increases of 25%, 26% and 27% respectively. Government attacks showed one of the smallest increases of the year of only 12.5% but remains the third highest targeted sector.

In June, BlackCat and LockBit were the two dominant variants at 18.1% and 16.8% respectively. This closely mirrors the unreported attack variants, representing 50% of all successful attacks. With the sheer volume of attacks from CLOP we expect this to change over the coming months.

Finally, we saw illegal networks continue to dominate exfiltration techniques with 97% of all attacks. A large majority of ransomware is now originating and exfiltrating data to China 43% of the time, with Russia at 10%.”

You can read the report here.

61% of SMBs have been hit by a successful cyberattack in the last year, according to new findings released today from BlackFog. The research study, which examined the business impact of cybersecurity for organizations in the US and UK, also revealed the growing importance of engaging with trusted partners to meet their security challenges.

Businesses are also falling victim to repeat attacks, with 87% of IT decision makers stating they had experienced two or more successful attacks in the past 12 months. On average organizations saw close to five successful data breaches, malware or ransomware attacks affecting their network.

Critically for SMBs, the main impact of an attack was business downtime, which affected 58% of respondents. The successful attacks also negatively impacted customer trust and retention with a third of all respondents reporting that the incidents resulted in the loss of customers. Worryingly, 39% of organizations affected also reported a loss of customer data.   

The Growing Importance of Trusted Partners

The significant business impact of cyberattacks points to a growing opportunity for service providers to support and advise their customers. 

When seeking advice on new security solutions, the opinions of providers or channel partners were valued more highly than that of peers by decision-makers.  In fact, more than a quarter of all respondents (26%) rated providers and partners as the most highly trusted compared with colleagues in their company (21%), analysts (16%) and peers within other organizations (10%). 

Amongst the key findings on partnerships with external providers, the research also revealed:  

• More than two-thirds of respondents, 69%, stated they were more likely to ask their partner for advice on new cybersecurity solutions compared to last year. 
• 41% of respondents stated that knowledge of cyberthreats was the biggest challenge in effective protection; highlighting how service providers and partners have a vital role to play in providing access to information and expertise.
• The majority, 87% of respondents, stated that they felt their IT providers were focused on understanding their cybersecurity challenges. However, only 39% of respondents felt they understood all their challenges.
• High-security standards are expected from partners, with more than a third of respondents (38%) stating this was the main determining factor when choosing a managed security provider.

Methodology 

The results from this survey are from an online survey Sapio Research fielded on behalf of BlackFog with 400 IT decision makers in the US and UK from companies with 100-999 employees.

BlackFog today released the State of Ransomware Report for May. And the news isn’t good. The top item from this report is that there has been a 154% Global Increase Over May 2022. If that doesn’t send chills down your spine. Nothing will.

Dr. Darren Williams, CEO and Founder, BlackFog, comments on the findings:

     “May represents a watershed moment for Ransomware across the globe with a significant increase in the attack success rate, with a 154% increase over 2022. Notably, we saw a concerted effort to attack law firms as attackers placed increasing emphasis on data exfiltration. The value of the data continues to climb as cyber criminals look for new ways to extort organizations and their clients. This explains the 233% increase in the services industry this month.

We continue to see specific targeting of healthcare, technology, education and government with increases of 81%, 57%, 42% and 33% respectively during May. Unreported attacks are now 5 times (489%) more than reported attacks. While down from a high of 10 last month, this is a factor of the large volume of reported attacks rather than any material change in unreported attacks, which remained relatively constant at 323.

In terms of variants, this month we saw LockBit and BlackCat continue to dominate with 18.4″ and 17.6% respectively, very similar to last month. This is consistent with unreported attacks, also dominated by LockBit and BlackCat, with 39.7% and 13.8% respectively.

Finally, illegal networks now dominate exfiltration techniques with 97% of all attacks, with a large majority originating and exfiltrating data to China 42% of the time, with Russia at 10%. We attribute the lower exfiltration to Russia due to the effect of sanctions, making it difficult to procure, launch and exfiltrate data to this nation.”

This report makes it clear that ransomware is not just a growing threat, but a clear and present danger. Thus organizations of all sizes should take this threat seriously and adjust their defences accordingly.

BlackFog today released the State of Ransomware report for March 2023. And Dr. Darren Williams, CEO and Founder, BlackFog had this commentary on the report:

     “March witnessed a total of 28 ransomware attacks. While lower than January and February, this still represents a 4-year high, with a 12% increase over previous years. Most notably we continue to see the flow of effects from unreported attacks. March saw 1,403% of attacks going unreported, up from 478% and 543% in January and February respectively. Nearly a 3-fold increase from previous months.

March also saw Education increase its lead as the most targeted sector, increasing by more than 53%, with 26 attacks for the year, followed by government and healthcare with increases of 33% and 13% respectively.

LockBit continues to dominate as the key ransomware variant with 24.3% of reported attacks and 41.4% of unreported attacks. It should be noted that the sheer volume of unreported attacks this month was dominated by LockBit, and we expect this to be reflected in the disclosed attacks over the coming months. Similarly, both CLOP and Royal were highly leveraged in unreported attacks with 11.4% each.

Lastly, we note that it is now becoming less common for attacks to remain unclaimed as ransomware gangs seek notoriety, with only 14% unclaimed this month. We have also seen continued use of data exfiltration in more than 88% of attacks, with March witnessing a significant increase in the use of illegal networks, up 14% to 94% since February.”

Today’s full report can be found at: https://privacy.blackfog.com/wp-content/uploads/2023/04/BlackFogRansomwareReport-Mar-2023.pdf

BlackFog today announces it has been named a winner of three Cybersecurity Excellence Awards and that The Globee® Awards, organizers of the world’s premier business awards programs and business ranking lists, has named BlackFog a winner in the 19^th Annual 2023 Globee Cybersecurity Awards.  

The awards BlackFog has received for the 6^th annual Cybersecurity Excellence Awards:

• Silver Winner for Most Innovative Cybersecurity Company in North America
• Gold Winner for Best Virtual CISO in North America
• Silver Winner for Ransomware Protection 

BlackFog received Gold place for Best Cybersecurity Newsletter of the Year in the 19^th Annual 2023 Globee® Cybersecurity Awards for its monthly State of Ransomware Report. 

The Globee Cybersecurity Awards recognize cybersecurity companies and professionals for their innovative approaches and effective solutions in ensuring security in the digital age. The awards cover various categories such as risk management, threat detection, cloud security, data privacy, and more. The program aims to raise awareness about cybersecurity issues and honor those who have made significant contributions in protecting organizations and individuals from cyber threats.

BlackFog has released a monthly State of Ransomware report for the past three years, analyzing ransomware attacks and the statistics around them, including:

• Reported ransomware attacks by month
• Key trends
• Prevalent threat groups 
• Size of organizations being attacked
• Attacks by industry sector

BlackFog newly added the tracking and inclusion of non-publicly disclosed ransomware attacks, which it has included in its 2023 State of Ransomware reports. 

BlackFog’s Virtual CISO (vCISO) platform includes a dedicated team of experts that provide monthly assessments, constant monitoring with the BlackFog solution, detailed custom reporting for compliance and auditing, and a customer-branded Enterprise console, managed by their team.

About the Globee Awards 
Globee Awards are conferred in nine programs and competitions: the American Best in Business Awards, Business Excellence Awards, Cybersecurity World Awards®, Disruptor Company Awards, Golden Bridge Awards®, Information Technology World Awards®, Leadership Awards, Sales, Marketing, & Customer Success Awards, and the Women In Business Awards®. Learn more about the Globee Awards at https://globeeawards.com

About BlackFog

Founded in 2015, BlackFog is a global cybersecurity company that has pioneered on-device anti data exfiltration (ADX) technology to protect companies from global security threats such as ransomware, spyware, malware, phishing, unauthorized data collection and profiling. Its software monitors enterprise compliance with global privacy regulations and prevents cyberattacks across all endpoints. BlackFog uses behavioral analysis to preemptively prevent hackers from exploiting vulnerabilities in enterprise security systems and data structures. BlackFog received recognition as a Gold award winner in the Cybersecurity Excellence Awards for Best Data Security and Best Ransomware Protection North America, as well as the Bronze award in Most Innovative Cybersecurity Company and Best Cybersecurity Start-up in 2022. BlackFog was named a 2020 HOT Vendor in Privacy and Security by Aragon Research. 

BlackFog’s preventative approach to security recognizes the limitations of existing perimeter defense techniques and neutralizes attacks before they happen at multiple points in their lifecycle. Trusted by corporations all over the world, BlackFog is redefining modern cyber security practices. For more information visit https://www.blackfog.com

BlackFog has released the February 2023 State of Ransomware Report. BlackFog issues a monthly recap of the latest stats in ransomware attacks including prevalent threat actors, tactics, volume of attacks in varying countries and vertical sectors, rate of disclosed and undisclosed attacks compared to other months, and more. Please feel free to use this data in any articles, reports or research on ransomware attacks. 

Darren Williams, CEO and Founder, BlackFog, has provided perspectives on the state of ransomware for February 2023:

     “For the second month of 2023, we have seen new records broken, with February seeing a new high of 40 victims, a 43% increase from 2022. This month we continue to collect unreported data, and this month we see 543% of attacks remain unreported, a 65% increase over January.

Sector-wise we saw education continue to dominate with 17 victims, and healthcare and government closely behind with 15 each. Government attacks saw the biggest increase in February, with a 150% increase since January, while Healthcare and Education saw 88% and 70% increases respectively.

Data exfiltration continues as the main weapon of choice for ransomware and is used in 88% of all attacks. This month we also saw an increased number of attacks originating from China, which now represents 38% of all attacks, up from 36% in January. Russia remains stable at 9%.

Finally, in terms of variants, as we predicted in January we saw a dramatic increase in attacks from LockBit, as victims from previous months begin to disclose attacks. We expect this pattern to continue as unreported attacks continue to be dominated by LockBit, which is at 48%, while disclosed is at 24.3%. BlackCat also increased to 24.3%, although the growth in unreported remains significantly lower.”

I’d spend some time reading this report as it provides a lot of insight as to what threats you really need to worry about.

BlackFog has today released the State of Ransomware Report for January 2023. BlackFog issues these reports monthly to provide insight into the varying countries, threat groups, variants and more, by tracking both publicly disclosed and unreported ransomware attacks. 

Darren Williams, CEO and Cofounder, BlackFog had this comment:

“After a record-breaking 2022, we start January with yet another record, this time the highest January on record with 32 attacks, a 22% increase over 2022. We also start 2023 with new statistics and now include unreported attacks so we can see the scope of the problem. This month we see that 478% of attacks have gone unreported, a growing trend we have seen over the past year.

We also start 2023 with education leading the way with 10 attacks, 30% of the total for the month. This continues the trend we saw in 2022 followed closely by healthcare and government with 8 and 6 attacks respectively.

January also saw some big changes in data exfiltration, which is dominated by China, representing 36% compared to Russia at 9%. As of 2022, we see that exfiltration is now the dominant technique for ransomware and was involved in 88% of all attacks in January.

Lastly, we see that LockBit continues to be the dominant variant and expect this to increase further over the coming months and was involved in 18.8% of reported attacks, but crucially 32.6% of unreported attacks. We expect to see this reflected in next month’s statistics as we see some pull-through from unreported to reported.”

The full report can be found here.