The IT Nerd

BlackFog has today released the State of Ransomware report for August 2024.Additionally, Darren Williams, CEO and Founder, BlackFog, has provided his thoughts on the state of ransomware in August, below:

     “August witnessed the 3rd highest number of attacks for the year with 63 publicly disclosed attacks, already surpassing the total number of attacks in 2020, 2021 and 2022. It also represents the second highest number of undisclosed attacks of the year with 464, with a ratio of 737% undisclosed to disclosed attacks.

From a sector perspective Healthcare had the biggest increase this month with 20%, or 16 verified attacks. This makes Healthcare the most targeted sector by a significant margin, followed by Government and Education, which saw only modest increases of 10% and 12% respectively.

In terms of variants, this month we saw RansomHub, a new entrant rocket to 7.9% of all attacks, followed by Medusa and Rhysida at 7.6% and 6.0% respectively. While LockBit still maintains its lead with 18.4% of all attacks, we only saw one confirmed attack this month.

A similar trend was observed in unreported attacks with RansomHub commanding 8.4% of attacks.

Lastly, we saw data exfiltration rates to China increase significantly to 20% this month (an increase of 4%) and Russia stable at 6%, with 93% of all attacks involving data exfiltration.”

BlackFog State of Ransomware Report August 2024: https://privacy.blackfog.com/wp-content/uploads/2024/09/BlackFogRansomwareReport-Aug-2024.pdf

BlackFog, today announced it has made new appointments to strengthen its leadership team as it witnesses significant growth. John Sarantakes has joined as Chief Revenue Officer, and Mark Griffith has been appointed as Vice President of Strategic Sales.

As one of its founding team members, CMO Brenda Robb has also been promoted to President of BlackFog. As executive director of the company, Brenda led the expansion of the company into Northern Ireland, where BlackFog has now established R&D headquarters. As President, Brenda’s strong leadership skills and counsel will be leveraged with BlackFog’s expansion throughout North America.

With over 28 years in technology sales, John Sarantakes will play a pivotal role as CRO in driving global sales through direct sales and the development of a strong channel. He will also target sales growth across State, Federal, Local Government and Education sectors.

Previously at InMotion Software, John served as Senior Vice President of Strategy and Business Development. He has also held positions as Executive Vice President at Headspring Systems, Senior Vice President of Sales and General Manager of EMEA at Absolute Software and National Sales Director at Dell.

Mark Griffith was also appointed as Vice President of Strategic Sales at BlackFog. Griffith, who has more than 30 years of experience in strategic leadership and innovation, will lead BlackFog efforts to develop partnerships with MSPs and MSSPs, to secure customers in State, Local and Government agencies, and continue to work alongside customers on a tactical and operational standpoint.

These appointments lay the foundation for BlackFog’s next stage of rapid growth. As ransomware threats escalate, the demand for data protection and anti data exfiltration is at an all-time high. Organizations are seeking new effective solutions to help them protect their systems and data from ransomware attacks.

Blackfog’s State of Ransomware Report for June has just been released, revealing the second highest June on record in terms of overall threat numbers for the year with 45 total attacks.

In terms of ransomware gangs, LockBit continues to dominate, but the Play ransomware group was the ‘biggest mover’, according to Darren Williams, CEO, presenting a 33% increase in attacks across the month.

Moreover, Healthcare dominates attack numbers by sector, increasing 25% from May, whilst  the ratio of unreported attacks generally remains at 774%. 

Dr Darren Williams, CEO and Founder, Blackfog

     “In June we saw an easing of the overall threat numbers for the year with 45 total attacks. Historically still very high, it represents the second highest June on record. It demonstrates just how normalised these attacks have become. Despite the lower number of attacks for the month, the ratio of unreported attacks remains high at 774%, reflecting the sheer volume of attacks that still go unreported.

Healthcare takes centre stage this month with an increase of 25% from May, followed by government and technology with increases of 23% and 21% respectively. Unlike most months the education sector took a well-earned break from the record books with only an 8% increase.

In terms of variants, Play was the biggest mover this month with a 33% increase in attacks followed by Black Basta and Medusa with 14% and 13% respectively. This follows the large increase in unreported attacks from Medusa last month, typically a leading indicator of disclosed attacks in subsequent months. While Lockbit is still the leading variant by a significant margin, we only saw a modest gain of 3% this month.

Finally, data exfiltration is now involved in 93% of all attacks with PowerShell the leading vector at 62%, an 11% gain from the previous month. China and Russia also continue to dominate as the leading destinations for exfiltrated data with 15% and 6% respectively.”

You can read the report here.

BlackFog has today released the State of Ransomware Report for November. This report contains detailed statistics on the latest ransomware attack tactics, active threat groups, and a breakdown of attacks by countries and industries.

Darren Williams, CEO and Founder, BlackFog, has offered perspectives on the last month of ransomware attacks, below: 

“Another month, another record. November surprised us with the sheer volume of attacks. Not only did it break an all-time record with 89 attacks, it was 27% more than the previous best in September. The unreported to reported ratio continues to remain stable this month at 492% continuing the trend with companies reporting breaches more often. The significant fines now being imposed by regulators will ensure this moves even lower in the coming months. 

The SEC rules require registrants to disclose material cybersecurity incidents they experience within four days and to report on an annual basis material information regarding their cybersecurity risk management, strategy and governance. The orders are effective on or about December 18, 2023. 

We saw the Healthcare and Manufacturing sectors grow significantly with increases of 21% and 20% respectively and the Finance sector by a massive 83%, effectively doubling the number of attacks in only one month. This does not bode well coming into the holiday season with the banks and financial institutions under significant pressure. 

In terms of variants, we see LockBit and BlackCat continue to dominate reported attacks, both at 19.2% each. LockBit also dominates the unreported attacks at 34.9% and BlackCat at 14.2%. As in previous months, data exfiltration continues to dominate as the primary mechanism for extortion at 90% with traffic flowing to China at 30% and Russia 9% of the time.” 

Today’s full report is linked here: https://privacy.blackfog.com/wp-content/uploads/2023/12/BlackFogRansomwareReport-Nov-2023.pdf 

BlackFog has today released the State of Ransomware report for October 2023. As always, please feel free to utilize this report and its data as needed. Additionally, Dr. Darren Williams, CEO and Founder, BlackFog, has offered his perspectives on the State of Ransomware for October 2023, below: 

     “October was the 3rd largest month for ransomware this year with a total of 64 disclosed and 303 undisclosed attacks with a ratio of 473% unreported to reported. This ratio is now one of the lowest we have seen in the last year and a good sign that companies are starting to report breaches rather than hide them. We expect this trend to continue with the recent charges against the SolarWinds CISO by the SEC. 

Other notable changes this month saw the biggest changes in the Services and Government sectors with 33% and 25% increases respectively. Smaller increases were seen in both Healthcare and Manufacturing of 16% and 13% respectively. 

BlackCat and Lockbit continue to dominate the unreported attacks with 18.8% and 16.9% respectively and also correlate with the top trends in unreported variants. As in previous months, data exfiltration continues to dominate as the primary mechanism for extortion at 90% with traffic flowing to China at 32% and Russia 9% of the time.” 

Today’s full report can be found here: https://privacy.blackfog.com/wp-content/uploads/2023/11/BlackFogRansomwareReport-Oct-2023.pdf 

BlackFog today released the State of Ransomware Report for July 2023. BlackFog releases this monthly report containing pertinent information regarding both publicly and non-publicly disclosed cyber attacks. The report also includes statistics on the most attacked countries and industries, as well as prevalent threat groups and attack methods.

 Dr. Darren Williams, CEO and Founder, BlackFog, has also provided commentary on July’s ransomware trends and statistics:    

“This month we continue to see a large volume of attacks, culminating in the highest July in 4 years, with 38 publicly disclosed and 390 undisclosed attacks. This represents a 10-fold difference between unreported versus reported attacks, as we continue to see the effects of the MOVEit exploit.

The most notable change saw healthcare overtake education as the most targeted sector, with a 29% increase in attacks. Education came a close second with 56 reported attacks, while the Government saw a 19% increase from last month. Other sectors remained largely unchanged.

BlackCat and LockBit remain the two dominant variants with 18.4% and 16.8% respectively. As we predicted last month, we saw CLOP overtake BlackCat in the number of unreported attacks due to the MOVEit exploit. We expect this to continue in the coming months as the full extent of this exploitation is realized.

Lastly, exfiltration continues to be the primary weapon of choice for attacks. Leveraging data for extortion contributes to this quarter’s all-time record, with an average payout of US$740,144. China continues to be the main destination for data loss at 41% with Russia at 9%.”

The full report is linked here: https://privacy.blackfog.com/wp-content/uploads/2023/08/BlackFogRansomwareReport-Jul-2023.pdf

BlackFog has released the June State of Ransomware Report.  

Dr Darren Williams, CEO of Blackfog, notes the following:  

“After an all-time record in May, June sees a continuation of this trend with the second highest number of ransomware attacks on record with 46 publicly disclosed, and a record 396 undisclosed attacks. This represents a ratio of 8.6:1 of unreported to reported attacks, or 860% going unreported, fuelled in part by the MOVEit attack and the CLOP ransomware variant.

This month education, healthcare and manufacturing dominated, with increases of 25%, 26% and 27% respectively. Government attacks showed one of the smallest increases of the year of only 12.5% but remains the third highest targeted sector.

In June, BlackCat and LockBit were the two dominant variants at 18.1% and 16.8% respectively. This closely mirrors the unreported attack variants, representing 50% of all successful attacks. With the sheer volume of attacks from CLOP we expect this to change over the coming months.

Finally, we saw illegal networks continue to dominate exfiltration techniques with 97% of all attacks. A large majority of ransomware is now originating and exfiltrating data to China 43% of the time, with Russia at 10%.”

You can read the report here.

61% of SMBs have been hit by a successful cyberattack in the last year, according to new findings released today from BlackFog. The research study, which examined the business impact of cybersecurity for organizations in the US and UK, also revealed the growing importance of engaging with trusted partners to meet their security challenges.

Businesses are also falling victim to repeat attacks, with 87% of IT decision makers stating they had experienced two or more successful attacks in the past 12 months. On average organizations saw close to five successful data breaches, malware or ransomware attacks affecting their network.

Critically for SMBs, the main impact of an attack was business downtime, which affected 58% of respondents. The successful attacks also negatively impacted customer trust and retention with a third of all respondents reporting that the incidents resulted in the loss of customers. Worryingly, 39% of organizations affected also reported a loss of customer data.   

The Growing Importance of Trusted Partners

The significant business impact of cyberattacks points to a growing opportunity for service providers to support and advise their customers. 

When seeking advice on new security solutions, the opinions of providers or channel partners were valued more highly than that of peers by decision-makers.  In fact, more than a quarter of all respondents (26%) rated providers and partners as the most highly trusted compared with colleagues in their company (21%), analysts (16%) and peers within other organizations (10%). 

Amongst the key findings on partnerships with external providers, the research also revealed:  

• More than two-thirds of respondents, 69%, stated they were more likely to ask their partner for advice on new cybersecurity solutions compared to last year. 
• 41% of respondents stated that knowledge of cyberthreats was the biggest challenge in effective protection; highlighting how service providers and partners have a vital role to play in providing access to information and expertise.
• The majority, 87% of respondents, stated that they felt their IT providers were focused on understanding their cybersecurity challenges. However, only 39% of respondents felt they understood all their challenges.
• High-security standards are expected from partners, with more than a third of respondents (38%) stating this was the main determining factor when choosing a managed security provider.

Methodology 

The results from this survey are from an online survey Sapio Research fielded on behalf of BlackFog with 400 IT decision makers in the US and UK from companies with 100-999 employees.

BlackFog today released the State of Ransomware Report for May. And the news isn’t good. The top item from this report is that there has been a 154% Global Increase Over May 2022. If that doesn’t send chills down your spine. Nothing will.

Dr. Darren Williams, CEO and Founder, BlackFog, comments on the findings:

     “May represents a watershed moment for Ransomware across the globe with a significant increase in the attack success rate, with a 154% increase over 2022. Notably, we saw a concerted effort to attack law firms as attackers placed increasing emphasis on data exfiltration. The value of the data continues to climb as cyber criminals look for new ways to extort organizations and their clients. This explains the 233% increase in the services industry this month.

We continue to see specific targeting of healthcare, technology, education and government with increases of 81%, 57%, 42% and 33% respectively during May. Unreported attacks are now 5 times (489%) more than reported attacks. While down from a high of 10 last month, this is a factor of the large volume of reported attacks rather than any material change in unreported attacks, which remained relatively constant at 323.

In terms of variants, this month we saw LockBit and BlackCat continue to dominate with 18.4″ and 17.6% respectively, very similar to last month. This is consistent with unreported attacks, also dominated by LockBit and BlackCat, with 39.7% and 13.8% respectively.

Finally, illegal networks now dominate exfiltration techniques with 97% of all attacks, with a large majority originating and exfiltrating data to China 42% of the time, with Russia at 10%. We attribute the lower exfiltration to Russia due to the effect of sanctions, making it difficult to procure, launch and exfiltrate data to this nation.”

This report makes it clear that ransomware is not just a growing threat, but a clear and present danger. Thus organizations of all sizes should take this threat seriously and adjust their defences accordingly.

BlackFog today released the State of Ransomware report for March 2023. And Dr. Darren Williams, CEO and Founder, BlackFog had this commentary on the report:

     “March witnessed a total of 28 ransomware attacks. While lower than January and February, this still represents a 4-year high, with a 12% increase over previous years. Most notably we continue to see the flow of effects from unreported attacks. March saw 1,403% of attacks going unreported, up from 478% and 543% in January and February respectively. Nearly a 3-fold increase from previous months.

March also saw Education increase its lead as the most targeted sector, increasing by more than 53%, with 26 attacks for the year, followed by government and healthcare with increases of 33% and 13% respectively.

LockBit continues to dominate as the key ransomware variant with 24.3% of reported attacks and 41.4% of unreported attacks. It should be noted that the sheer volume of unreported attacks this month was dominated by LockBit, and we expect this to be reflected in the disclosed attacks over the coming months. Similarly, both CLOP and Royal were highly leveraged in unreported attacks with 11.4% each.

Lastly, we note that it is now becoming less common for attacks to remain unclaimed as ransomware gangs seek notoriety, with only 14% unclaimed this month. We have also seen continued use of data exfiltration in more than 88% of attacks, with March witnessing a significant increase in the use of illegal networks, up 14% to 94% since February.”

Today’s full report can be found at: https://privacy.blackfog.com/wp-content/uploads/2023/04/BlackFogRansomwareReport-Mar-2023.pdf