"LockBit Remains Most Prolific Ransomware in Q3"

According to new research by researchers at Trellix, the infamous LockBit ransomware variant remained the most widespread in the third quarter of 2022, accounting for over a fifth (22%) of detections.  The researchers noted that LockBit and Phobos were the most common ransomware families during Q3 2022.  LockBit has been the most prolific variant of 2022 so far.  The researchers noted that at the end of Q3, their "builder" was released, and allegedly various groups are already establishing their own RaaS with it.  The researchers stated that Phobos ransomware continues to be active and accounts for 10% of ransomware attacks they observed.  Their tactic of selling a complete ransomware kit and avoiding large organizations allows them to stay under the radar.  The researchers noted that Germany recorded the highest detections of APT-related activity (29%) and the highest volume of ransomware (27%), while telecoms was the sector most impacted by ransomware, followed by transportation and shipping.  The researchers claimed that the most active advanced threat groups during the quarter were the China-linked Mustang Panda, Russia's APT29, and Pakistan-linked APT36.  Red team software Cobalt Strike remained a popular tool for threat actors, seen in a third (33%) of observed global ransomware activity and 18% of APT detections in Q3.

Infosecurity reports: "LockBit Remains Most Prolific Ransomware in Q3"