September saw a record 153% increase of ransomware attacks, says NCC Group

With 514 victims falling prey to ransomware in September, it's time every consumer and business started taking this threat seriously.
Written by Jack Wallen, Contributing Writer
Cyber attack
andresr/Getty Images

NCC Group released its Threat Pulse for September, which detailed a shocking increase of 153% in September for ransomware attacks. According to the report, the following groups were listed in the number of attacks:

  • LostTrust
  • RansomedVC
  • LockBit
  • Clop

As far as targets for ransomware, North America was once again at the top of the list with 258 attacks (an increase of 3%). Europe was listed second (an increase of 2%), with 155 attacks, and Asia in third place with 47 attacks (an increase of 8%). 

Also: Cybersecurity 101: Everything on how to protect your privacy and stay safe online

This is not a contest you want to win.

One sector that should be of great concern is healthcare, which saw a 15% increase over August. Ransomware attacks in the healthcare industry should be of particular concern, given how such attacks can directly affect patient safety.

Other industries that were targeted include Industrials (with 40% of the attacks), and Consumer Cyclicals (with 21%).


RansomedVC is a new threat actor on the list. According to the NCC Group, "RansomedVC's innovative approach increases the pressure on victims to meet ransom demands. Financial incentives for paying the ransom are heightened, as GDPR allows for fines of up to 4% of a victim's annual global turnover." 

Also: How to find and remove spyware from your phone

Because of this, RansomedVC claimed responsibility for an attack on Sony (which happened on Sept. 24). This attack compromised the company systems and the group then threatened to sell the stolen data.

Anticipated rise in attacks

The rise in attacks, however, was anticipated. Matt Hull (global head of Threat Intelligence at NCC Group) said, "After the drop in ransomware attacks in August, the surge in attacks during September was somewhat anticipated for this time of year. However, what stands out is the volume of these attacks and the emergence of new threat actors who have been major drivers of this activity." 

Hull continued, "These groups, including the likes of LostTrust, Cactus, and RansomedVC, are noteworthy for their approach: adapting existing ransomware techniques and introducing their own variations to add pressure for victims. We've witnessed a growing number of groups utilizing the double extortion model as a strategy, piggybacking off this as a successful method used by more established threat actors. New threat actors are also increasingly embracing Ransomware as a Service (Raas) model, whilst diversifying their activities and creating 'unique selling points.'"

Hull also mentions there's a focus on ramping up pressure on ransomware attacks, a tactic that has been employed by groups like RansomedVC. Hull also believes we'll see other new groups exploring these same methods of increasing the pressure on victims to comply with ransom demands.

Editorial standards