A 18% drop in ransomware attacks in May is probably the result of Conti's shutdown, but the actors are regrouping under other brands, including KaraKurt, Black Byte, Hive, and Black Basta, analysts said.
The latest report from NCC Group's threat intelligence team shows LockBit 2.0 maintained its top spot among ransomware groups, launching 40% of all attacks in May. Black Basta, which was discovered in April, along with Hive were behind 7% of attacks last month.
“Conti’s possible shutdown represents a significant change for the ransomware threat landscape, and it cannot go ignored," said Matt Hull, global lead for strategic threat intelligence at NCC Group, in a statement announcing the ransomware attack report findings. "It will be interesting to see which smaller groups replace it as it rebrands, and how these new or evolved actors will behave – which NCC Group will of course continue to monitor.”
The findings also show industrial and critical infrastructure remain an attractive target. The sector was on the receiving end of 31% of attacks in May, followed by consumer cyclicals at 22% and technology at 12%.