Ransomware attacks are hitting record highs in 2024 and show no sign of slowing down as new criminal groups enter the scene and employ a variety of evolving tactics. This post identifies key highlights of ransomware activity in 2024 so far.
Multiple recent security reports have noted a significant increase in ransomware attacks claimed by criminal groups in Q2 2024, making it the second-highest quarter on record for claimed attacks. According to cyber threat reports by Symantec and BlackBerry, one factor driving this surge appears to be the disruption and resurgence of certain ransomware operations. For example, the reports explain, following the February 2024 law enforcement takedown of LockBit, the largest ransomware-as-a-service (RaaS) operation, there was a significant decrease in the group’s activity in the first quarter. Attacks claimed by LockBit then surged in May 2024 to record highs, reaffirming the group’s position as a key player in the ransomware space.
Security reports have also highlighted how several new ransomware groups have emerged to fill the vacuum left by the high-profile ransomware group ALPHV (BlackCat), which allegedly ceased operations in Q1. Among the most prolific groups highlighted in 2024, as identified by Corvus Insurance, BlackBerry, Trend Micro, Symantec and others, are Qilin (also known as Agenda), PLAY, and RansomHub. Qilin alone nearly doubled its number of claimed attacks from Q1 to Q2, while RansomHub reportedly tripled its attack volume during the same period, notes Symantec. RansomHub’s prolific activities in particular have drawn attention from the FBI and DHS’s Cybersecurity and Infrastructure Security Agency (CISA), prompting a joint advisory issued on August 29, 2024. The advisory explains how the criminal group employs a double-extortion tactic of encrypting and exfiltrating data and has successfully targeted at least 210 organizations across nearly all industry sectors since February 2024.
Notably, the Global Resilience Fund (GRF) report highlights how manufacturing continues to be the sector most targeted by ransomware groups in 2024. The report further notes that there has been a slight shift in 2024 from criminal groups targeting mid-sized organizations to targeting small manufacturers, attributing the possible shift to mid-sized manufacturers hardening their systems and enhancing network segmentation efforts.
According to multiple reports, including Trend Micro’s, attackers continue to exploit known vulnerabilities in public-facing applications. Access to high-risk cloud applications has dominated the list of risk events in 2024 so far, says Trend Micro, highlighting the importance of maintaining up-to-date endpoint protection on unmanaged devices. The report further highlights how criminal groups are capitalizing on AI technologies to fine-tune their attacks.
As the frequency and severity of ransomware attacks continue to increase, organizations should continue to take proactive steps to enhance their overall security and mitigate potential risk through backups and redundancies. To learn more about ransomware readiness and response, visit Alston & Bird’s Ransomware Fusion Center for a wide variety of resources to help safeguard your organization.