Ransomware tracker: the latest figures [August 2022]
Adam Janofsky August 10, 2022

Ransomware tracker: the latest figures [August 2022]

Ransomware tracker: the latest figures [August 2022]

* Note: this Ransomware Tracker is updated on the 10th day of each month to stay current *

Although the ransomware threat hasn’t disappeared, some of the most vulnerable organizations have been breathing a sigh of relief.

Ransomware attacks against healthcare providers and school districts hit a two-year low in July, while state and local governments continued to report a dip in attacks that began in March, according to new research.

Only three school districts and nine healthcare providers appeared to be hit by ransomware last month — the lowest numbers since June 2020, when three school districts and seven healthcare providers reported ransomware incidents. The data, which is tracked by researchers at Recorded Future, is collected from extortion sites, government agencies, news reports, hacking forums, and other sources.

One explanation for the dip in attacks is the recent dissolution of the Conti ransomware gang, which had been highly active over the last two years. The group shut down much of its infrastructure in May after carrying out hundreds of incidents, including a devastating attack on Costa Rican government agencies.

LockBit, a ransomware-as-a-service operation that has since become the most prolific group in terms of publicly-claimed victims, was linked to 58 attacks in July — a slowdown from previous months. But researchers have warned that the group could pick up steam following its launch of “LockBit 3.0,” which reportedly introduced a bug bounty program and other technical updates. 

“As long reigning top threat actor Conti has all but disappeared and Lockbit 3.0 rises to prominence, it is clear we are in a transitionary phase,” Matt Hull, global lead for strategic threat intelligence at U.K.-based NCC Group, wrote in a report last month. “We anticipate that the volume of attacks will increase over the coming months as threat actors such as Lockbit and Black Basta regain focus, a reminder that this is an ever-changing landscape that needs to be monitored continuously.”

Graphs from this ongoing project can be shared and reproduced with proper attribution.

Adam is the founding editor-in-chief of The Record by Recorded Future. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.