Qilin continued to be the most dominant ransomware group in August, outpacing all other competitors. Its 104 reported victims in August were significantly higher than the 56 claimed by the next most active group, Akira. However, this lead is under threat from several emerging players, including Sinobi, The Gentlemen, and the reemerging LockBit group. These developments are poised to change the dynamics of the ransomware threat landscape in the coming months. Overall, ransomware attacks are on the rise, with August’s 467 incidents marking the fourth consecutive monthly increase. This surge, while not reaching the record levels seen in February, is a cause for concern. A troubling trend also highlighted is the growing number of attacks with software supply chain implications.
The United States was disproportionately targeted in August, experiencing nearly 60% of all ransomware attacks. This is a staggering figure, as it’s roughly ten times the number of attacks seen in Germany and the UK. This concentration of attacks underscores the U.S. as a primary target for cybercriminals.
Since the decline of RansomHub in late March, Qilin has cemented its position as the leading ransomware group. With 398 claimed victims, it’s more than 70% ahead of Akira. Analysts believe that Qilin’s features and incentives are attracting former RansomHub affiliates and others, contributing to its sustained success. Since April, Qilin has claimed over 18% of the total 2,164 ransomware attacks. Akira is the only other group to have surpassed 10% of the total, claiming 10.7% of the attacks.
The emergence of the Sinobi group is particularly noteworthy. Despite only being active for two months, the group has quickly risen to third place. Sinobi has already claimed 41 victims, with all but two of them located in the U.S. The group’s rapid ascent has led to speculation about its origins. Similarities in its code and data leak site suggest a possible connection to the Lynx group, which may itself be linked to INC Ransom. However, since all three groups remain active, they might simply be connected rather than a part of a rebrand.
While Sinobi’s rise has been impressive, its future dominance is uncertain. The group has only claimed one new victim since August 24th, which could indicate that its initial meteoric rise may not be sustainable in the long term. This development suggests that while the ransomware landscape is highly competitive, sustained success is difficult to achieve.
Reference:
