According to NCC Group, ransomware cases jumped 47 percent amid a rise in attacks from newer strains of malware infecting its targets.

NCC group tracks websites that post victims’ details, and found that incidents increased to 198 in July, up from 135 in June.

At the end of August, ransomware attackers associated with LockBit deployed a new version of its malware in a French hospital, forcing patients to have to be redirected to other facilities.

LockBit was associated with 62 incidents in July alone, nearly 20% higher than its number of attacks in June. LockBit remains “the most threatening ransomware group, and with which all organizations should aim to be aware of,” the company wrote.

Hive and BlackBasta are two groups that follow LockBit in the number of reported attacks. Both groups have ties to Conti, one of the most prolific ransomware groups before their fracturing in the wake of the Russian invasion of Ukraine.

NCC Group also reported of continued activity of the North Korean cybercrime group tracked under the name Lazarus Group. In April, the group was connected to cryptocurrency theft that amounted to $625 million. In July, United States government agencies warned that a North Korean attack was behind the Maui ransomware variant that targeted healthcare and public health organizations. They were also reportedly behind a $100 million theft on the California-based Harmony’s Horizon Bridge.

Lazarus Group has been a catch-all for distinct and nuanced cyber activity ranging from extortion to espionage to cybercrime. Nevertheless, the group is an ongoing threat according to Matt Hull, Global Head of Threat Intelligence with NCC Group.

“Lazarus Group seem to be improving their crypto-theft and ransomware operations, so it is more important than ever to monitor their activity closely,” Hull says. “Cryptocurrency organizations in the US, Japan and South Korea should remain on high alert.”

Story via Cyberscoop