June marked a new low for disclosed ransomware attacks in the United States this year, which have been steadily declining since the end of March.
SearchSecurity tracked this decline in a database of public reports and disclosures, as well as a series of articles covering the most notable ransomware attacks for each month. According to the data collected, the number of reported ransomware attacks in the United States peaked in January and lowest in June. Comparing just January to June, there has been a decrease of more than 300% in the number of attacks reported.
According to an NCC group report, ransomware attacks are also down globally, dropping 18% from April to May. The cybersecurity firm said the drop could stem from the apparent shutdown of Conti, a Russian ransomware group. Conti was breached by an anonymous security researcher known as “Conti Leaks” on Twitter, who leaked the group’s source code, documents and private communications.
However, the decline in attacks does not mean that ransomware has ceased in the United States, as several public and private entities continue to experience attacks. Experts have also suggested that although there has been a decline following Russia’s invasion of Ukraine and resulting sanctions, nation-state threat groups and Russian ransomware operations may be targeting the United States and other Western allies.
During a recent roundtable for the American Chamber of Commerce, Mike Herrington, section chief of the FBI’s cyber division, said that increased sanctions against Russia could lead to increased pressure to respond with cyberattacks against American targets. . Conti has already shown a willingness to respond with threats to critical infrastructure and repeated attacks on US entities.
Attacks on public services
The trend of attacks on public entities continued earlier this month, with the Cape Cod Regional Transit Authority (CCRTA) announcing an attack after Memorial Day weekend.
The CCRTA said the service was largely unaffected by the attack, with most of its services able to be coordinated manually. According to CCTA administrator Tom Cahir, the critical systems were recovered within days of the attack and the backup restoration was expected to be complete by the end of the month.
On the same day, the city of Alexandria, Louisiana, confirmed he was investigating an attack after the city was claimed as a victim by ransomware group BlackCat. SearchSecurity attempted to contact the city about the status of the attack and potential recovery, but the city government did not respond.
Ellsworth, Kan., was another city government that was affected last month. According to the city Press releasethe attack happened on June 2, forcing the city to shut down its systems.
The city said no services to the public were affected by the ransomware attack, but some internal operations were restricted.
Additionally, the Tenafly Public School District in New Jersey confirmed a ransomware attack that forced the school to cancel final exams. The attack that destroyed the school’s computer systems also prevented access to classroom and Google messaging systems widely used by teachers and students.
Higher education also faced ransomware attacks this month as Napa Valley College saw its network shut down for weeks following an attack on June 10, according to the Napa Valley Registry. On July 6, the college announced that the recovery effort was underway and the school’s main website was still only intermittently available. However, Napa Valley College said no personal information appeared to be at risk and most systems had backups in place.
The private sector also revealed several ransomware attacks this month. The Montrose Environmental Group in Little Rock, Ark., disclosed a ransomware attack on June 14 that disrupted servers and computers in one of its lab networks. At the time, Montrose said he did not believe any other systems were affected or personal information was stolen. The company did not respond to requests for comment.
On the same day as the Montrose incident, the Allison Inn and Spa, a luxury resort in Newberg, Oregon, confirmed an apparent ransomware attack. The threat actors allegedly exposed the personal information of hotel employees and guest records and threatened to release additional information about 1,500 employees and more than 2,000 reservations.
The month ended with Nichirin, a Japanese automotive supplier, disclose a ransomware attack against the company’s US subsidiary. Nichirin said manufacturing and shipping operations have been adjusted to maintain business after its systems were decommissioned.
Other private sector organizations revealed ransomware attacks in June that occurred in previous months. At least five private organizations disclosed attacks to state attorneys general during the month, ranging from local seafood distributors to national placement companies.
The largest attack affected 81,455 victims when Qualified Temporary Services Inc. was hit, according to the Maine Attorney General’s office. The attack happened in 2021 but was only revealed last month.