GuidePoint: Spread of ransomware attacks widen amid threat actor power struggle
GuidePoint Security announced today the release of GuidePoint Research and Intelligence Team’s (GRIT) Q2 2024 Ransomware Report.
While the number of Q2 ransomware victims remains relatively stable at a 9% quarter-over-quarter increase, the diversity of those victims – and the ransomware groups targeting them – is growing. The GRIT Q2 2024 Ransomware Report observes major shakeups in the ransomware ecosystem following recent law enforcement operations, including a shift in the industries and geographies most impacted by ransomware activity.
“The takedown of LockBit and departure of AlphV – two of the most prolific Ransomware-as-a-Service (RaaS) groups – has left a power vacuum that groups are scrambling to take over,” said Grayson North, Senior Security Consultant, GRIT. “There is no ‘new normal’ yet in the ransomware landscape. As a result, we’re seeing victims spread across a wider variety of industries, attacks attributed to more groups and new countries being targeted. We expect this volatility to continue throughout Q3 as previous norms fall by the wayside and new RaaS leaders surface.”
The GRIT Q2 2024 Ransomware Report takes an in-depth look at the evolving RaaS ecosystem, including the dramatic increase in activity of new and emerging ransomware groups. Other notable Q2 ransomware events include the growing role of RaaS relative newcomer RansomHub, an increase in Play’s operational tempo and LockBit’s discredited post claiming the United States Federal Reserve as a victim.
Key Highlights of the Report:
- LockBit is the only ransomware group to maintain its position as one of the top five threat actors year-over-year. Despite significant law enforcement disruption, LockBit still holds the top spot among the quarter’s most active RaaS groups at 131 victims.
- The industries most impacted by ransomware in Q2 2024 were manufacturing, technology and healthcare, respectively. The technology industry experienced a surge in observed activity during the quarter, accounting for nearly 10% of posted victims – its highest relative placement since Q3 2023.
- H1 2024 saw a 5% increase in reported ransomware victims over H1 2023, even with the disruption of LockBit and dissolution of AlphV in early 2024.
- The United States’ share of total ransomware victims decreased. Following May sanctions imposed on LockBit by the United States, the percentage of LockBit’s U.S-focused ransomware attacks fell from 56% pre-sanctions to 45%. Meanwhile, there is an increasing focus on Brazil, Spain and India by various ransomware groups.
“As the ransomware ecosystem continues to evolve, we expect at least some portion of Emerging and Developing groups to steadily increase operations and become new long-standing Established groups,” added Justin Timothy, Security Consultant, GRIT. “It’s also likely that we’ll see ongoing threats from persistent, and quieter, ransomware groups, such as Play.”
The GRIT Q2 2024 Ransomware Report is based on data obtained from publicly available resources, including threat groups themselves, as well as threat analyst insights into the ransomware threat landscape.
For more information:
- Download the GRIT 2024 Q2 Ransomware Report
- Register for GRIT’s upcoming webinar
- Download the GRIT Ransomware Taxonomy whitepaper