LockBit Responsible for 1/3 of Ransomware Attacks Targeting Financial Industry

In the first eight months of 2022, the SOCRadar CTIA Team examined 1,700 ransomware threats published on dark web forums and hacker channels. 4.5% of these posts were related to the financial industry, targeting financial institutions, banks, and the cryptocurrency industry.

The financial industry is among the most vulnerable to ransomware incidents. SOCRadar analyzes threats in this industry to raise awareness of and reduce the risks. Click the button below to download the full report.

LockBit is Ahead in the Race 

Among the ransomware groups that showed activity during the first eight months of 2022 were the following:

• LockBit 3.0
• Conti
• HiveLeaks
• AlphVM (Blackcat)
• AvosLocker
• Lorenz 

LockBit 3.0 was responsible for 25 of the 76 ransomware attacks in the finance industry, as discovered by SOCRadar.

Malware Targeting Financial Industry

In the second quarter of 2022, more than 5,5 million mobile malware, adware, and riskware attacks were prevented. There were found to be over 400,000 installation packages. Nearly 4,000 packages contained mobile ransomware Trojans, while over 55,000 were tied to mobile banking Trojans. 

The top 5 banking trojans and their functions are listed in the report titled “Malware Targeting Banks and Their Customers,” along with the countries most commonly targeted by mobile banking trojans.

TrickBot Makes a Comeback 

The TrickBot malware used phishing attacks using web injections to target the clients of 60 critical institutions.

These 60 companies include major technological players like Amazon, Microsoft, and Google, as well as banks and credit unions like Bank of America and Wells Fargo & Co., Paypal, American Express, blockchain.com, and robinhood.com, which operate cryptocurrency exchange platforms. 

According to Check Point Research (CPR), since November 2020, there have been more than 140,000 infections.