A welcome slowdown in the pace of ransomware attacks took place in the second quarter of 2022, as Lockbit rose in prominence and Conti faded.

Ransomware attacks for the second quarter of 2022 totaled 574, representing a 34% slowdown compared to the first quarter of the year, according to a report released Thursday by GuidePoint Research.

The most impacted industries were manufacturing and construction, GuidePoint’s report said, accounting for 18.3% of all claimed attacks during the quarter. The tech sector was also heavily targeted, as were government agencies. The US was the most-attacked country, according to the report, representing nearly a quarter of all global ransomware victims.

The most active ransomware group in the second quarter was Lockbit, a ransomware-as-a-service operation that offers its software to affiliates, who carry out the compromise of the target’s systems and share any profits. Lockbit has made several technical advances of late, according to CSO Online, including the introduction of its own data theft toolkit and the ability to deploy its ransomware more speedily after a target network is compromised. A total of 208 attacks using Lockbit were recorded during the study’s time frame.

Lockbit, the report said, runs on a fairly professional basis, with a bug bounty program, a set percentage of proceeds from an attack payable to the group as a use fee, and restrictions on using its software against organizations like critical infrastructure providers where encryption could cause deaths.

A new group, dubbed Blackbasta, also emerged during the second quarter and heavily targeted industrial and manufacturing companies.
The Conti ransomware group, by contrast, was shut down in May, substantially limiting the number of attacks made under its banner in the quarter, which were nevertheless good for second place behind Lockbit2, with 41 victims.

Conti was known for its aggressive approach and—unusually for a prominent ransomware group—its habit of failing to follow through on promises to decrypt compromised data, even when ransoms were paid. However, while the Conti brand is effectively shuttered, the people behind it are likely still active.

According to Drew Schmitt, operations lead at GuidePoint, Lockbit is likely to continue leading the way for the ransomware industry in the immediate future, as the reorganization of threat actors continues.

“We expect to see an uptick of Lockbit 3.0 activity and potentially other restructuring and consolidation in affiliate-based ransomware operations,” he said in a statement.