Ransomware Surge: Number Of Active Groups Rises By 56% In 2024

Searchlight Cyber just published a report revealing that the number of active ransomware groups has increased significantly in the first half of 2024. Despite this growth, the overall number of victims has declined, suggesting that law enforcement efforts are having an impact.

The report states that ransomware groups frequently appear, compete with each other, and sometimes vanish, only to return under new names. The ransomware scene has already changed significantly since the beginning of the year, and the report provides an update on those shifts.

One of the most notable developments mentioned in the report is the emergence of RansomHub, which quickly rose to become the third most prolific ransomware group. This group’s success is likely due to its connections with other established ransomware operators.

While ransomware groups continue their usual tactics, there has also been a significant law enforcement operation targeting the LockBit group, known as Operation Cronos. Although LockBit has not been fully defeated, the operation has weakened them, as stated on the report.

Despite these efforts, ransomware is still a major issue. In fact, the report states that the number of ransomware groups increased by 56% in the first half of 2024 compared to the same period in 2023.

However, the number of victims has decreased, which suggests that law enforcement actions are having some impact, as suggested on the report.

The report also notes that the top ransomware groups have also shifted. Long-time players like BlackCat and Cl0p have slowed down, while new groups like RansomHub have risen to prominence. LockBit remains the most active group, but it has also been affected by law enforcement efforts.

Ransomware-as-a-Service (RaaS) is still the dominant model, where groups lease their ransomware to others in exchange for a share of the profits.

To effectively defend against these threats, organizations must stay updated on the latest ransomware trends and gather intelligence from dark web forums to understand which groups pose the biggest risk to them.

The report concludes by warning, “Although some of the big players have been disrupted, we should be under no illusions: ransomware remains a persistent threat.”