The successful dismantling of the LockBit ransomware gang and the subsequent downfall of its key members has been a widely discussed cyber security achievement in the past year. Even so, cyber criminals seem undeterred, according to Secureworks’ latest annual report, the 2024 State of the Threat Report. The report reveals a 30% increase in active ransomware groups using leak sites, with 31 new actors entering the scene between June 2023 and July 2024.
While LockBit accounted for 17% of ransomware listings during the period in review, its influence decreased by 8% compared to the previous year due to the disruption caused by Operation Cronos led by the UK’s National Crime Agency. Other prominent ransomware groups, such as BlackCat/ALPHV and Clop/Cl0p, also faced setbacks, with BlackCat/ALPHV exiting the scene after law enforcement intervention and Clop/Cl0p being less active following the MOVEit file transfer compromise in 2023.
On the other hand, the Play gang doubled its victim count, while the emergence of new groups like RansomHub and Qilin has reshaped the ransomware landscape. The evolution of the ransomware business model and the influx of new threat groups have added complexity for network defenders, making it challenging to predict attackers’ strategies.
More gangs, fewer victims
Despite the increase in ransomware groups, victim numbers have not risen at a similar rate, possibly due to the fragmented nature of the landscape. The movement of affiliates within the ransomware ecosystem has contributed to this trend, with victims appearing on multiple sites as affiliates seek new opportunities.
The past year has witnessed a broadening of the ransomware landscape, with a diverse range of cyber criminals operating in what is becoming a ‘Wild West’ style threat environment. This shift has led to faster and more chaotic attacks, resulting in a decrease in dwell times as criminals exploit vulnerabilities swiftly.
As the ransomware ecosystem continues to evolve, defenders can expect to see new attack methodologies, including the use of AI and adversary-in-the-middle (AitM) attacks to bypass security measures. The rise of AI in cyber crime presents challenges for enterprises, emphasizing the importance of identity protection as the first line of defense against sophisticated attacks.
Overall, the cyber crime landscape is constantly changing, with threat actors adapting their strategies to evade detection. Enterprises must remain vigilant and proactive in their defense strategies to mitigate the risks posed by evolving cyber threats.