[Weekend Briefing] Ransomware index report: October 2022

By Dain Oh, Kuksung Nam, and Sojun Ryu, The Readable
Nov. 4, 2022 7:14PM KST

“Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from the previous week and deliver them in a compact form. Topics encompass cybercrime, geopolitics, and privacy. There are no costs involved with a subscription, and some content, such as the monthly ransomware index report, is only available to those who subscribe to our newsletters.

Hello, this is Dain Oh for The Readable. Last week, South Korea went through a national tragedy, which led 154 people to their deaths in the center of the city. Halloween literally turned into a nightmare. While the nation was picking up the pieces, cybercriminals did not miss an opportunity to exploit the disaster. Kuksung Nam for The Readable covered the story. Her article is also included in this week’s briefing at the bottom.

Starting today, The Readable’s subscribers can access a monthly ransomware report by S2W. The report includes specific numbers about ransomware groups and their victims in addition to the numbers of newly opened data leak sites by ransomware groups. By looking at the numbers, our readers will be able to get an idea of the overall threat landscape of the ransomware ecosystem. Sojun Ryu for The Readable provides reports representing his team’s work regarding threat intelligence.

This month’s report is available to everyone who visits our website, but it will only be open to those who subscribe our newsletters from next month. We do not bury our readers’ inboxes with too many letters or ask them to pay for a subscription. So, if you have not yet subscribed to our newsletter, please click the “Subscribe” button at the top. The only thing you need to do is to type in your email address.

Ransomware index report: October 2022


In October 2022:

  1. A total of 218 companies’ data were uploaded onto leak sites by ransomware groups.
  2. LockBit turned out to be the most active ransomware group, uploading 56 companies’ data onto their leak sites.
  3. Companies in the manufacturing industry were targeted the most by ransomware groups.


Newly discovered or changed data leak sites in October 2022

※ "Change" means that the leak site has changed its domain address.

Ransomware groups and activities in October 2022: Percentage of each ransomware group in companies that were uploaded onto the data leak sites

Top five countries by number of leak sites their data appeared on

Top five industries by number of leak sites their data appeared on

The next monthly ransomware index report will be published through the first newsletter in December.

[News] South Korean authorities discover hacking attempts abusing Halloween crowd surge

Designed by Areum Hwang, The Readable

South Korean authorities issued a series of warnings regarding hacking attempts that abused one of the country’s worst peacetime disasters, happening on the Halloween weekend in Seoul.

The Office of National Security warned in a press statement on Tuesday that they have detected an attempted cyberattack which was related to the Halloween crowd surge. The deadly surge in one of Iteawon’s narrow alleys led more than 150 people to their deaths.

According to the press release, the hacking attempts were carried out by a malicious document which was disguised as an official report by the Central Disaster and Safety Countermeasures Headquarters. To read the original reporting by Kuksung Nam, click here.


The cover image of this article was designed by Areum Hwang.
The graphics of this article were designed by Sangseon Kim.

Dain Oh is an award-winning cybersecurity journalist based in South Korea and the founding editor-in-chief of The Readable by S2W. Before joining S2W, she worked as a reporter for The Electronic Times, the top IT newspaper in Korea, covering the cybersecurity industry on an in-depth level. She reported numerous exclusive stories, and her work related to the National Intelligence Service led to her being honored with the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology in a unanimous decision. She was also the first journalist to report on the hacking of vulnerable wallpads in South Korean apartments, which later became a nation-wide issue.

Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.

Sojun Ryu is a cybersecurity researcher for The Readable. He graduated from the “Best of the Best” next-generation security expert training program (BoB) at the Korea Information Technology Research Institute (KITRI) in 2013, and holds a master’s degree in information security from Sungkyunkwan University in Korea. He worked at KrCERT/CC for seven years, analyzing malware and responding to incidents. He is also one of the authors of "Operation Bookcodes," published by KrCERT/CC in 2020. Recently, Ryu has been focusing on threat intelligence, cybercrime, and advanced persistent threats (APT) by expanding into the deep, dark web with TALON, the Cyber Threat Intelligence group at S2W.