The Cybersecurity Lair™ • October 9, 2024
Ransomware Landscape Expands: A 30% Increase in Active Groups
New Actors, Old Tactics: How Cybercrime is Adapting
Over the past year, the ransomware ecosystem has expanded significantly, with 31 new groups joining, despite ongoing law enforcement efforts to disrupt these operations. According to Secureworks' latest "State of the Threat" report, the number of active ransomware groups has risen by 30%. While previously dominated by a few major players, the landscape is now more fragmented with smaller groups emerging. However, the increase in ransomware groups has not directly correlated with a rise in the number of victims, suggesting a more distributed and potentially less successful threat environment.
Highlights:
- Rise in Active Ransomware Groups: 30% increase year-on-year.
- New Groups: 31 new ransomware groups entered the ecosystem in the last 12 months.
- Top Groups:
  - LockBit: Continues to be the most active, responsible for 17% of victims, despite an 8% drop in activity due to law enforcement disruption (Operation Cronos).
  - PLAY: Second most active, doubled its victim count year-over-year.
  - RansomHub: Emerged as a key player, responsible for 7% of victims, joining after the initial LockBit takedown.
  - BlackCat/ALPHV: Once a top player, its activity has significantly decreased due to law enforcement disruption.
- Trend: Despite the growth in ransomware groups, the number of victims has not risen proportionally, suggesting fragmentation and unpredictability in the threat landscape.
Best Practices for Password Management Applications:
- Data Encryption: Ensure passwords and sensitive data are encrypted at rest and in transit.
- Multi-factor Authentication (MFA): Require MFA to add an extra layer of security.
- Regular Updates: Keep applications updated to patch vulnerabilities exploited by ransomware groups.
- Backup and Recovery: Implement secure backups and test recovery plans in case of ransomware attacks.
- Monitoring and Alerts: Use real-time monitoring tools to detect unusual activities, such as large-scale password changes or export attempts.
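One way to implement the monitoring item above, as an added example that is not taken from the Secureworks report or the source article: a sliding-window check over password manager audit events that flags bulk password changes by one account and every vault export. The event schema, the action names, the 10-minute window and the threshold of 5 changes are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit events: (ISO timestamp, user, action).
# The schema and action names are hypothetical, not from any real product.
SAMPLE_EVENTS = [
    ("2024-10-09T09:00:00", "alice", "password_change"),
    ("2024-10-09T09:01:00", "bob", "password_change"),
    ("2024-10-09T09:02:00", "bob", "password_change"),
    ("2024-10-09T09:03:00", "bob", "password_change"),
    ("2024-10-09T09:04:00", "bob", "password_change"),
    ("2024-10-09T09:05:00", "bob", "password_change"),
    ("2024-10-09T09:06:00", "bob", "password_change"),
    ("2024-10-09T09:07:00", "bob", "vault_export"),
    ("2024-10-09T09:30:00", "alice", "password_change"),
]

WINDOW = timedelta(minutes=10)   # assumed look-back window
CHANGE_THRESHOLD = 5             # assumed changes per user per window


def detect(events, window=WINDOW, threshold=CHANGE_THRESHOLD):
    """Return alerts as (timestamp, user, reason) tuples, in time order."""
    recent = defaultdict(deque)  # user -> times of recent password changes
    alerts = []
    for ts, user, action in sorted(events):  # ISO strings sort by time
        now = datetime.fromisoformat(ts)
        if action == "vault_export":
            # Exports are rare in normal use, so each one is surfaced.
            alerts.append((ts, user, "vault_export"))
        elif action == "password_change":
            times = recent[user]
            times.append(now)
            # Drop changes that have aged out of the window.
            while now - times[0] > window:
                times.popleft()
            # Alert once, at the moment the threshold is reached, so a
            # long burst does not produce one alert per event.
            if len(times) == threshold:
                alerts.append((ts, user, "bulk_password_change"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

In practice the threshold and window would be tuned against the organisation's normal change rate, and the alerts forwarded to whatever SIEM or paging system is already in use.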
The expansion of ransomware groups, despite law enforcement crackdowns, demonstrates the evolving and adaptive nature of cybercrime. While ransomware is still a major threat, its decentralised landscape introduces new challenges for defenders, as playbooks and methods grow more unpredictable. Network defenders must stay vigilant, continually adapting to a rapidly changing threat environment by implementing robust security practices.
Source and further reading.
Maundrill, B. (2024, October 8). 31 new ransomware groups join the ecosystem in 12 months. Infosecurity Magazine. https://www.infosecurity-magazine.com/news/new-ransomware-groups-emerge-2024