The security company Malwarebytes has published a special evaluation of its “2023 State of Ransomware” report for Germany. As in the world, the attacks in this country are also increasing. The techniques used have changed.
Germany in fourth place among the most popular targets
Germany ranks fourth internationally in terms of registered ransomware attacks in the twelve months between July 2022 and June 2023: the security researchers at Malwarebytes counted 124 such cyber attacks in Germany during the period. This makes Germany the highest-ranked non-English speaking country. The UK – 196 attacks – and Canada – 159 attacks – saw only marginally more ransomware incidents. In the case of the USA, on the other hand, there are 1,462, more than ten times as many.
Service providers are a popular target for attacks worldwide. Otherwise, the percentage of attack by industry differs greatly between Germany and the rest of the world.
When it comes to the sectors affected by attacks, the picture here in Germany differs from that internationally. In particular, the health care system and authorities were largely spared in Germany and were much less often the target of criminals than worldwide. Conversely, in Germany, a significantly larger proportion of the registered ransomware incidents were attacks on the logistics, construction and technology industries.
escalation in recent months
The Malwarebytes threat intelligence team also observed a clear trend over the course of the year: Most attacks were carried out by the attackers in the last four months of the investigation. They recorded their highest value in May 2023 with 24 known attacks. Although new ransomware groups appeared during the period under review, campaigns by already known groups were decisive for the increase in registered attacks. A total of 23 active ransomware groups were identified, 9 of which performed five or more successful attacks. Most of them go to LockBit, as well as internationally. With Black Basta, a group that apparently focuses on Germany is in second place. The recent increase in attacks via unpatched security gaps, such as MalasLocker on Zimbra servers and zero-day exploits such as Cl0P on GoAnywhere and MOVEit-Transfer, is particularly striking.
LockBit carried out the most attacks in Germany and internationally in the past twelve months.
The findings of Malwarebytes’ global report are broadly consistent with recently published findings from CDN provider Akamai. In his new “State of the Internet” report, he also addresses developments in the ransomware sector and also warns of the increase in attacks via zero and one-day vulnerabilities. Akamai also ranks LockBit as the #1 most active ransomware group. In addition, it has been observed that the probability of a ransomware attack increases sixfold after an initial attack in the next three months.
The link to the German-language evaluation by Malwarebytes is available free of charge from the company’s agency; registration is required for the full global report. Akamai also requires personal data to download the current “State of the Internet” report.
Go to home page
#Ransomware #Germany #common #target #among #nonEnglish #speaking #countries