[SoW] W4 Aug | EN | Story of the week: Ransomware on the Darkweb

With contribution from Hotsauce (Denise Dasom Kim, Jungyeon Lim, Yeonghyeon Jeong, Sujin Lim, Chaewon Moon)| S2W TALON

SoW (Story of the Week) publishes a report summarizing ransomware’s activity on the Darkweb. The report includes summary of victimized firms, Top 5 targeted countries and industrial sectors, status of dark web forum posts by ransomware operators, etc.

1. Weekly Status

• A total of 52 victim companies were mentioned on ransomware leak sites based on 10 attack groups that had been updated in the past week
• HQ of ransomware victim companies is the highest in the United States, accounting for 50.0% of the total victimized companies
• Among all ransomware attack groups, LockBit accounted for 25.0% of the activity, showing the highest activity

1.1. TOP 5 targeted countries

1. USA — 50.0%
2. Canada — 9.6%
3. Germany & Italy — 5.8%
4. Japan — 3.8%
5. Others — 1.9%

1.2. TOP 5 targeted industrial sectors

1. Financial — 15.4%
2. Construction — 11.5%
3. IT — 9.6%
4. Industrial & Engineering — 5.8%
5. Education & Others — 3.8%

1.3. TOP 5 Ransomware

1. LockBit — 25.0%
2. CLOP — 19.2%
3. Payload.bin & Hive — 13.5%
4. Conti & BlackMatter — 7.7%
5. Data Leak Market — 5.8%

2. Weekly highlighted the post @TALON

• [DDW User Profile] Who is the hottest user selling access in DDW?
• Analysis of Ragnarok Ransomware Money Laundering Case Using DeFi Coin
• Anatomy of Chaos Ransomware builder and its origin (feat. Open-source Hidden Tear ransomware)

[SoW] W4 Aug | EN | Story of the week: Ransomware on the Darkweb was originally published in S2W BLOG on Medium, where people are continuing the conversation by highlighting and responding to this story.

Article Link: [SoW] W4 Aug | EN | Story of the week: Ransomware on the Darkweb | by S2W | S2W BLOG | Medium