LockBit 2.0, Conti ransomware groups most active in first quarter

Fifty-eight of all ransomware attacks during the first three months of 2022 have been attributed to LockBit 2.0 and Conti ransomware gangs, with the former accounting for nearly twofold the number of attacks as Conti, reports ZDNet. More than 200 LockBit 2.0 victims already had their information leaked in the first quarter, which is the highest so far this year, and while Conti's internal chat logs have been leaked after it had expressed support for Russia's invasion of Ukraine, the ransomware gang's operators have continued attacks, a Digital Shadows report revealed. "Conti has shown no signs of slowing down since the chat logs and source code leak. However, the leak is a blow to the group's reputation, and could therefore affect its ability to attract new affiliates and have a long-term impact on its ability to grow," said Digital Shadows Senior Cyber Threat Intelligence Analyst Ivan Righi. Digital Shadows also noted that while the PYSA and REvil ransomware groups have disappeared, new operations, including Night Sky, Sugar, Stormous, Zeon, x001xs, and Pandora have emerged since the year began. "Regardless of the external factors and shifts in targeting, ransomware is likely to remain one of the biggest threats to organizations worldwide over the next quarter," Righi said.