GuidePoint Research and Intelligence Team (GRIT) Releases New Report on Ransomware Trends


HERNDON, Virginia–(BUSINESS WIRE)–Guide Point Securitya leader in cybersecurity solutions that enable organizations to make smarter decisions and minimize risk, today announced the release of GuidePoint Research and Intelligence Team (GRIT) Quarterly Ransomware Report. This report is based on data obtained from publicly available resources, including the threat groups themselves, and provides an accurate representation of the ransomware threat landscape. In Q2, GRIT tracked 30 ransomware groups and 581 publicly released victims.

The GRIT Ransomware Quarterly Report shows a slowdown in ransomware activity in June and a focus on the manufacturing and construction verticals accounting for nearly 20% of reported victims. Of the 30 groups tracked, 23 targeted the manufacturing and construction verticals.

“We saw a decrease in ransomware activity in Q2 compared to Q1 due to operational changes to Conti in May, a significant drop in known Clop victims, and the complete redesign of Lockbit in June” said Drew Schmitt, GRIT Operations Manager, GuidePoint Security. “From an industry perspective, manufacturing and construction were hit hard largely due to the targeting of Lockbit and Blackbasta, a new group that emerged in the second quarter and maintained a high operational tempo throughout. of the quarter.”

Main highlights of the report:

  • 34% decrease in the number of ransomware victims between the first and second quarters

  • Manufacturing, technology, construction, government and healthcare were the 5 most affected sectors in the second quarter

  • The United States was the most affected country, accounting for almost 25% of all attacks.

  • The top 4 ransomware groups by number of publicly released victims were Lockbit2, Alphv, Conti and Blackbasta

The second quarter of 2022 also saw the update of Lockbit2 to Lockbit 3.0 (aka Lockbit Black), which is a new release from the Lockbit Ransomware as a Service (RaaS) group. This group, which claims to operate from the Netherlands with origins in former USSR countries, allows affiliates to keep 80% of the ransoms and protects their infrastructure and organization through a bug bounty program and a thorough verification process for new affiliates. Additionally, Lockbit offers multiple purchase options for each intrusion on their leak site to delay release for a small fee, destroy data, or download data.

“We expect to see a slight increase in Lockbit 3.0 activity and potentially further restructuring and consolidation in affiliate-based ransomware operations,” Schmitt said.

For more information or to download the report, visit:

About GuidePoint Security

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and your challenges, helping you through an assessment of your cybersecurity posture and ecosystem to expose risks, optimize resources, and implement the best-fit solutions. GuidePoint’s unparalleled expertise has helped a third of Fortune 500 companies and more than half of US government agencies improve their security posture and reduce risk. Learn more about


Comments are closed.