Ransomware threat groups are on the rise, so be on your guard
Secureworks report says threat landscape is diversifying after the Lockbit disruption
The number of active ransomware groups over the last 12 months is on the rise as criminals look for more ways to target businesses, new research has claimed.
The 2024 State of Threat Report from Secureworks has revealed a rise in the number of active ransomware groups over the last 12 months - identifying a 30% rise in the number of active groups.
The figures represents a diversification of the landscape rather than a particularly drastic increase in criminals. Since the notorious Lockbit disruption, in which the most prolific group was briefly shut down, the ransomware ecosystem has evolved, with 31 new groups being established.
A variety of tactics
One of the key findings from the report is that unpatched vulnerabilities remain the top Initial Access Vector (IAV) in ransomware attacks, making up almost 50% of all IAVs. This outlines more than ever the importance of staying on top of cybersecurity and software updates.
In 2024, PLAY has become the most active group, and has doubled its victim count year-on year. Further evidence of the broadening of the attack sources is the fact that Lockbit, previously a dominant player, has seen an 8% reduction in its share of ransomware attacks.
“Cybercriminal ecosystems are akin to living organisms. They adapt and mutate in the face of disruption, reacting with speed to maintain the tempo of their attacks. The names and affiliations may be different, but the impact is the same, with attacks causing maximum business disruption, downtime, and remediation costs,” said Secureworks Vice President Don Smith.
The report also outlines a persistence of state-sponsored threat actors from Russia, China, and Iran amongst others. These are driven by geopolitical conflicts and underscore the growing use of cyberattacks as a political tool.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Unsurprisingly, AI continues to flourish as a tool for malicious actors, contributing to both the problem and the solution as the technology is increasingly used in both cyberattacks and cybersecurity solutions. This is consistent with earlier research which suggests ransomware has as much as doubled thanks to AI.
More from TechRadar Pro
- Take a look at some of the best malware removal software
- Some of the world's biggest countries are teaming up to tackle ransomware scams
- Check out our pick for best antivirus software
Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.