This week in ransomware – April 22, 2022

Ransomware continues to grow as a threat. While the overwhelming number of attacks are from a few of the “big players”, even when these gangs disappear, more arise to fill the gap. Even more troubling, there is collaboration and even overlap between the players, which might lead to multiple attacks.

Cybersecurity attacks are growing in frequency: Telus study

A recent study done by Telus shows that the number of ransomware attacks in Canada is increasing. The report states:

“Cyberattacks are on the rise in Canada, with 98 per cent of Canadian organizations reporting a cyberattack in the last 12 months. Attacks are frequent, with 25 per cent of organizations experiencing at least one attack per day and most organizations experiencing more than 11–30 attacks per month.”

The report contains a number of other findings, and includes advice for dealing with ransomware. It can be downloaded at (registration required)

Who are the gangs responsible for the most attacks?

Cybersecurity researchers at Digital Shadows analyzed recorded ransomware attacks between January and March 2022 and found that LockBit 2.0 and Conti were the two most active ransomware gangs.

According to the report, these two gangs accounted for 58 per cent of all incidents. LockBit was more prolific, with 38 per cent of ransomware attacks. Conti ransomware group accounted for 20 per cent of ransomware attacks.

The report also notes that LockBit leaked the information of more than 200 victims in the first quarter of 2022, the highest number of leaks to date this year.

Two of the big players, PYSA ransomware, which was the third most active ransomware group during the last quarter of 2021, and REvil, seem to have disappeared or stopped working.

New ransomware gangs are moving in to fill the void and replace PYSA and REvil. Some of the new groups include Stormus, Night Sky, Zeon, Pandora, Sugar, and x001xs.

Sourced from recent article in TechNewsDay  

Ransomware gangs are collaborating – double the attacks?

Karakurt is a ransomware gang that steals but doesn’t encrypt the data of a victim organization. According to the podcast Cyber Security Today, a study by Tetra Defence noted that Karakurt is believed to have hit 55 organizations in the U.S. and eight in Canada. The researchers say there’s evidence that the Karakurt gang are using the resources of another gang, Conti, including network access to previous Conti victims.

It may be coincidence that a company hit by Karakurt had just been victimized by Conti, the report says. Researchers also believe Diavol ransomware is deployed by the same people behind Conti and Karkurt.

The report concludes that companies should “think carefully before paying any data ransom demand. It may not protect you from being hit again.”

Sourced from the podcast Cyber Security Today from ITWorld Canada


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Jim Love
Jim Love
I've been in IT and business for over 30 years. I worked my way up, literally from the mail room and I've done every job from mail clerk to CEO. Today I'm CIO and Chief Digital Officer of IT World Canada - Canada's leader in ICT publishing and digital marketing.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now