Q3 Ransomware Landscape Report

Q3 of 2022 has provided us with many interesting insights into the ransomware industry. Instead of fairly wide distribution of victims between the various ransomware groups, we saw consistency from Lockbit3.0, as they remain the number one group with 37% of all ransomware attacks this quarter, an increase of 5% since the previous quarter, whereas they participated in “only” 29% of the ransomware incidents.

The shutting down of Conti, which was responsible for 14% of last Q’s incidents, did not result in the establishment of a new group, but rather led to a somewhat equal distribution of their share of the pie between all of the remaining groups. USA remains the most targeted region followed by the UK, France, Spain and Germany, which were equally targeted.

Although it seems like the ransomware industry is owned by one family, we did see some new groups, and promising newcomers have emerged such as BianLian, IceFire, Sparta and the notorious Bl00dy gang.

The most interesting piece of data we were able to find this quarter is that even though we have seen over 85 new ransomware families being introduced to the industry, the number of documented victims is lower by 15% since Q2 and by around 30% compared to Q1.

In this report, we will cover the ransomware trends in targeted sectors and countries, along with the most important cases we have witnessed where ransomware groups were the attackers, but sometimes the victims as well, and how the newcomers will play a part in the future.