SK shieldus announced on the 19th that there were 484 cases of ransomware damage globally in May. This figure represents a decrease of about 12% compared to the previous month (550 cases), but the analysis indicates that the potential for damage remains significant due to the emergence of new groups and the sophistication of attack methods.
In particular, a hacking incident hit LockBit, the world's largest ransomware organization, and internal information such as cryptocurrency wallet addresses, ransomware versions, and chat records was confirmed to have been leaked from its dark web leak site.
In Korea, a new group called "Nova" was identified as having attacked a certain university, stealing portal source code and internal data. Activities of eight new groups, including "Devman," which attacked a public pension agency in Kenya, and "Cyberex," which used general chat platforms instead of the dark web, were also reported.
The most active group in May was SafePay, which leaked sensitive data through 72 attacks in the Czech Republic and Australia.
SK shieldus recommended adopting a Managed Detection and Response (MDR) service to build a security system capable of immediate response. MDR is a subscription-based security service that detects security anomalies for more than 24 hours, with security professionals responding to them.
A representative from SK shieldus noted, "Ransomware threats are evolving in unpredictable ways," and emphasized that a security system capable of real-time detection and response is necessary.