Home News How PYSA and Lockbit are Dominating the Ransomware Landscape

How PYSA and Lockbit are Dominating the Ransomware Landscape

NCC Group analysis found PYSA and Lockbit ransomware groups dominated the ransomware threat landscape globally

Ransomware attacks, LockBit Ransomware

The cybercriminal landscape increases quickly with various kinds of ransomware variants and attacks. The NCC group’s report states, the number of ransomware attacks reported in November 2021 has been increased by 1.9% compared to October 2021.

The Emergence of New Ransomware Groups

NCC Group found a 50% increase in organizations targeted by a new ransomware PYSA, with a 400% rise in government sector victims. In November, the report identified PYSA and Lockbit ransomware groups dominating the cyberthreat landscape. Since August this year, Conti and Lockbit have been the top threat groups, but PYSA overtook Conti with an increase of 50% in November. Meanwhile, the prevalence of Conti decreased by 9.1%.

The Rise of PYSA and Lockbit  

The FBI’s Cyber Division issued an alert warning about an uptick in cyberattacks against higher education institutions and K-12 schools, delivering the PYSA ransomware. Active since March 2020, the PYSA ransomware is a malware that exfiltrates users’ data and encrypts critical files on their systems. Also known as Mespinoza, the PYSA group leverages double-extortion techniques to target victims. The group reportedly targeted educational institutions in 12 U.S. states and the U.K., compromising sensitive information before encrypting the victims’ systems to blackmail them for ransom.

The LockBit gang operates as a ransomware-as-a-service (RaaS) model appointing affiliates and malicious insiders to carry out intrusion activities. The group has been working on Russian-language cybercrime forums since January 2020.

Regions Affected

According to the analysis, the most targeted regions in November by ransomware operators are North America and Europe, with 154 and 96 victims, respectively. In North America, organizations in the U.S. suffered 140 of these attacks, while Canada sustained 14. In Europe, the top targeted countries included the U.K. and France, with Italy and Germany sharing third place. Each of these countries experienced 32, 14, and 11 attacks in November. Also, the most targeted sector in November includes automotive, housing, entertainment, and retail businesses.