The NCC’s March Cyber Threat Pulse report found that ransomware attacks are on the rise and that there may be a new threat group to monitor. In March, ransomware attacks increased by over 50%, and Hive identifies as the third-most active hacking group.


A new ransomware group emerges. 


Hacker collective Hive has supplanted BlackCat as the third most active hacking collective in terms of ransomware. In the month of March, Hive saw a 188% increase in attacks, showing the most significant growth in raids as well. Like Lock bit 2.0 and Conti, Hive targets the industrial sector for the majority (34.6%) of its attacks. Still, unlike those two, Hive also targets the academic and educational sectors (15.38%) with its ransomware.


Lock bit 2.0 and Conti continue to be the most active threat actors this month, as they were in February. In March, two hundred eighty-three incidents were reported, a 53% increase from 185 in February. Lock bit 2.0 was responsible for 96 attacks during the period, while Conti was responsible for 71 episodes and an increase of 115% in activity in recent months.


The NCC Group attributes the boost from February to a slower winter holiday period during which the two groups ramped up their attacks back to their usual rates. The two groups targeted industries such as construction and engineering and consumer cyclical during this period.


New ransomware attacks by region and sector


North America is the most targeted region globally when it comes to ransomware attacks, as 44% of reported incidents were in this region. As noted, the number of attacks in North America increased from 78 to 122 over the past month. U.S. ransomware deployments grew by 48% from 73 to 108, accounting for nearly 90% of all attacks in the region.



Cyberattacks in Europe fell 5% to 37.9% in March, ranking second globally after North America. From February (one) to March (eight), Africa experienced the most significant increase in attacks by percentage (700%).


Sector-by-sector, the industrial sector continues to be the most victimized category when it comes to ransomware attacks. Industries accounted for 34% of ransomware victims, followed by consumer cyclical (20.8%). Client and customer risks within these two sectors make it more urgent to restore services while limiting potential damage and costs. 


Send a Message