A welcome slowdown in the pace of ransomware attacks took place in the second quarter of 2022, as Lockbit rose in prominence and Conti faded.

Ransomware attacks in the second quarter of 2022 totaled 574, representing a 34% slowdown compared to the first quarter of the year, according to a report released Thursday by GuidePoint Research.

The most impacted industries were manufacturing and construction, GuidePoint’s report said, accounting for 18.3% of all claimed attacks during the quarter. The tech sector was also heavily targeted, as were government agencies. The US was the most-attacked country, according to the report, representing nearly a quarter of all global ransomware victims.

The most active ransomware group in the second quarter was Lockbit, a ransomware-as-a-service operation that offers its software to affiliates who actually compromise the target’s systems and share any profits. Lockbit has made several technical advances of late, according to CSO Online, including the introduction of its own data theft toolkit and the ability to deploy its ransomware more quickly after a target network is compromised.

A total of 208 attacks using Lockbit were recorded during the study’s time frame. Lockbit, the report said, runs on a fairly professional basis, with a bug bounty program, a set percentage of proceeds from an attack payable to the group as a use fee, and restrictions on using its software against organizations like critical infrastructure providers where encryption could cause deaths. A new group, dubbed Blackbasta, also emerged during the second quarter and heavily targeted industrial and manufacturing companies.
The Conti ransomware group, by contrast, was shut down in May, substantially limiting the number of attacks made under its banner in the quarter, which were nevertheless good for second place behind Lockbit2, with 41 victims.

Conti was known for its aggressive approach and—unusually for a prominent ransomware group—its habit of failing to follow through on promises to decrypt compromised data, even when ransoms were paid. However, while the Conti brand is effectively shuttered, the people behind it are likely still active.

According to Drew Schmitt, operations lead at GuidePoint, Lockbit is likely to continue leading the way for the ransomware industry in the immediate future, as the reorganization of threat actors continues.

“We expect to see an uptick of Lockbit 3.0 activity and potentially other restructuring and consolidation in affiliate-based ransomware operations,” he said in a statement.