Report examines ransomware attack methods, trends in Q1 2022

The quarterly Threat Report: Summer 2022 by Trellix found that ransomware groups are now beginning to choose sides in the Russian-Ukraine war, and that Business services providers and telecoms were the most targeted industries for ransomware attacks at 64% and 53%, respectively, according to TechRepublic. The report revealed that Russia experienced a 490% rise in incidents between the fourth quarter of 2021 and the first quarter of 2022, which, according to Trellix Lead Scientist and Senior Principal Engineer Christiaan Beek, "is likely driven by counter attacks," while the U.S. recorded the most incidents overall at 35% during the same period. Adversaries know they are being watched closely; the absence of new tactics observed in the wild during the war in Ukraine tells us tools are being held back, Beek said. Global threat actors have novel cyber artillery ready to deploy in case of escalation, and organizations need to remain vigilant. The report also found that in the first quarter of 2022, Cobalt Strike was used in 32% of the top ten ransomware queries in the U.S., while RCLONE at 12%, BloodHound at 10%, and Bazar Loader at 10% were the next most common ransomware tools.