Excerpt from SecurityBrief Article, Published on Oct 18, 2024.
Ransomware activity has increased by 2.3% in the third quarter of 2024, according to a recent report by ReliaQuest. Despite this uptick, overall incidents remain 1.5% lower than in the same quarter last year. The report reveals a significant shift in the ransomware ecosystem, with RansomHub now recognized as the most active group, surpassing the previously dominant LockBit.
RansomHub’s dramatic rise—an impressive 800% increase in activity—can be attributed to its enticing profit-sharing model, which offers affiliates a remarkable 90/10 split. This lucrative incentive has drawn a growing number of cybercriminals to the group. Additionally, RansomHub has partnered with the hacking collective Scattered Spider, leveraging native English speakers to execute sophisticated social engineering campaigns that have significantly boosted their operational success.
The report highlights that, despite the increased activity from certain groups, the overall number of ransomware incidents has declined, down 1.5% from Q3 2023. This decrease is likely due to enhanced detection capabilities through advanced endpoint detection and response (EDR) technologies, alongside effective law enforcement interventions targeting major players like LockBit.
Other groups are also rising in prominence. The Meow group, for instance, has shifted its tactics from traditional data encryption to the sale of stolen data online, while the Play group has begun targeting ESXi environments, expanding its attacks to Linux platforms.
Looking ahead, experts anticipate that ransomware activity will continue to rise, potentially peaking by the end of 2024. Organizations are advised to strengthen their cybersecurity measures, including robust backup policies, improved endpoint detection, and comprehensive training on social engineering tactics. The evolving landscape necessitates proactive strategies to counter the growing threat posed by emerging ransomware groups like RansomHub.
To delve deeper into this topic, please read the full article on SecurityBrief.