In the first half of 2024, the ransomware landscape saw a significant shift with a 56% increase in the number of active ransomware groups compared to the previous year.

Description

Despite disruptions [1] [3], LockBit maintained its position as the most prominent group, while BlackCat and Cl0p dropped from the top rankings. A new group [1] [2] [3] [4], RansomHub [1] [2] [3] [4], quickly rose to become the third most active group with 171 victims [4]. Law enforcement operations appear to be impacting ransomware activities [2] [3], as there has been a decline in the overall number of listed ransomware victims in the first half of 2024 compared to the previous period. The Ransomware-as-a-Service (RaaS) model continues to dominate among the most active groups [3], with new threats like APT73 and DarkVault emerging [2], highlighting the need for organizations to adapt defensive strategies to combat the evolving threat landscape [2].

Conclusion

The increase in active ransomware groups and the emergence of new threats underscore the importance of organizations adapting their defensive strategies to combat the evolving threat landscape. Law enforcement operations have shown some impact on ransomware activities, but continued vigilance and proactive measures are necessary to mitigate the risks posed by ransomware attacks.

References

[1] https://finance.yahoo.com/news/searchlight-cyber-report-reveals-rapid-130000526.html
[2] https://vmblog.com/archive/2024/09/03/searchlight-cyber-report-reveals-rapid-changes-in-the-ransomware-landscape-over-six-months.aspx
[3] https://ai-techpark.com/searchlight-cyber-reveals-rapid-ransomware-changes-over-six-months/
[4] https://www.infosecurity-magazine.com/news/active-ransomware-groups-surge/