Report reveals signs of evening out in ransomware productivity

As ransomware actors continue to adapt, the new report underscores the importance of vigilance, collaboration, and innovative strategies in combating this evolving threat.

  • Wednesday, 28th August 2024 Posted 1 year ago in by Phil Alsop

A comprehensive new WithSecure report provides crucial insights into the evolving world of ransomware. The report, which examines data and trends from the first half of 2024, reveals that the ransomware industry, after peaking in late 2023, is beginning to see a stabilization in productivity, with notable developments in ransomware targets, and industry dynamics.

While ransomware productivity has shown signs of leveling off in 2024, the frequency of attacks and ransom payments collected remained higher in the first half of 2024 compared to the same periods in 2022 and 2023.

“There has been a marked shift towards targeting small and medium-sized businesses, which now represent a larger proportion of ransomware victims,” says Tim West, Director of Threat Intelligence and Outreach at WithSecure.

Law enforcement actions, notably the takedown of the Lockbit ransomware group in February 2024, have played a critical role in disrupting major ransomware operations. These efforts have led to the seizure of significant assets and the dismantling of critical infrastructure used by ransomware groups. Despite these disruptions, the long-term impact of law enforcement on the ransomware ecosystem remains uncertain, with ransomware groups adapting and evolving in response.

The report examines the architecture of Ransomware-as-a-Service (RaaS) collectives, emphasizing the growing competition among ransomware franchises to attract affiliates. Notably, following the decline of prominent groups like Lockbit and ALPHV, many newly "nomadic" ransomware affiliates have aligned themselves with more established RaaS brands.

“Trust within the cybercriminal community has probably been significantly eroded due to incidents such as ALPHV's alleged exit scam, where affiliates were defrauded of their earnings, further complicating the dynamics within the ransomware ecosystem,” West describes.

A notable trend identified in the report is the increased adoption of initial access through edge service exploitation as described in previous WithSecure research this year, along with the frequent use of legitimate remote management tools by ransomware actors.

The report also touches on the persistent issue of reinfection, with data showing that a significant percentage of organizations that paid ransoms were later targeted again by the same or different ransomware groups.

Cyber attacks surge in UK healthcare sector

Posted 17 hours ago by Sophie Milburn
SonicWall reports a rise in cyber attacks against the UK healthcare sector, with a focus on dated vulnerabilities and new technological risks.
According to research conducted by Cohesity in partnership with OnePoll, UK CEOs anticipate quick recovery from cyberattacks but lack clarity on...

Tenable joins OpenAI in the battle against cyber threats

Posted 19 hours ago by Sophie Milburn
Tenable and OpenAI partner to harness AI in confronting evolving cyber threats and enhancing exposure management capabilities.

RETN secures top titles in LINX Reseller Awards

Posted 19 hours ago by Sophie Milburn
RETN named Top Reseller for European and North American Networks in LINX awards.
Cynomi has introduced new integrations, automated scanning capabilities, a centralised document repository, and enhanced AI features aimed at...
Apptio has introduced new features, including Conversational Insights, aimed at improving visibility into IT and cloud spending by combining cost,...
At Kaseya Connect Europe in Prague, Kaseya outlined updates to its Kaseya Intelligence platform, including new AI automation features, integrations,...
Netskope has introduced its Catalyst MSP/SP Programme to help managed service providers deliver SASE services in cloud and AI-driven environments,...