SOCRadar® Cyber Intelligence Inc. | LockBit Responsible for 1/3 of Ransomware Attacks Targeting Financial Industry
Nov 01, 2022

LockBit Responsible for 1/3 of Ransomware Attacks Targeting Financial Industry

In the first eight months of 2022, the SOCRadar CTIA Team examined 1,700 ransomware threats published on dark web forums and hacker channels. 4.5% of these posts were related to the financial industry, targeting financial institutions, banks, and the cryptocurrency industry.

Distribution of ransomware posts related to the financial industry (Source: SOCRadar)

The financial industry is among the most vulnerable to ransomware incidents. SOCRadar analyzes threats in this industry to raise awareness of the risks and reduce them.

LockBit is Ahead in the Race 

Among the ransomware groups that showed activity during the first eight months of 2022 were the following:

LockBit 3.0 was responsible for 25 of the 76 ransomware attacks in the finance industry, as discovered by SOCRadar.

Victim announcements of ransomware groups (Source: SOCRadar)

Malware Targeting Financial Industry

In the second quarter of 2022, more than 5.5 million mobile malware, adware, and riskware attacks were prevented. Over 400,000 installation packages were found. Nearly 4,000 packages contained mobile ransomware Trojans, while over 55,000 were tied to mobile banking Trojans.

The top 5 banking trojans and their functions are listed in the report titled “Malware Targeting Banks and Their Customers,” along with the countries most commonly targeted by mobile banking trojans.

You can perform a financial industry-based search on the SOCRadar platform to be informed about threat actors/malware.

TrickBot Makes a Comeback 

The TrickBot malware used phishing attacks with web injections to target the clients of 60 critical institutions.

These 60 companies include major technology players like Amazon, Microsoft, and Google; banks and credit unions like Bank of America and Wells Fargo & Co.; PayPal and American Express; and blockchain.com and robinhood.com, which operate cryptocurrency exchange platforms.

According to Check Point Research (CPR), since November 2020, there have been more than 140,000 infections.