A new report shows a 20 percent year-on-year increase in the number of ransomware victims, along with major shifts in the behavioral patterns of ransomware groups.
The Q1 2024 ransomware report, from the GuidePoint Security Research and Intelligence Team (GRIT), finds the number of active ransomware groups more than doubled, increasing 55 percent from 29 distinct groups in Q1 2023 to 45 distinct groups in Q1 2024.
The top three most active ransomware groups were LockBit, Blackbasta and Play. Even with significant law enforcement disruption in February 2024, LockBit retained its top spot among RaaS service operations at 219 victims, albeit with a lower operational tempo compared to previous quarters. LockBit claimed an average of almost three victims per day before the disruption occurred on February 20th, and had an average of about two victims per day from February 24th through the end of March.
“Overall, we’re seeing an increasingly volatile ransomware ecosystem. Law enforcement disruptions this quarter appear to have temporarily slowed or shifted operational activities of prolific Ransomware-as-a-Service (RaaS) groups, including Alphv and LockBit,” says Drew Schmitt, practice lead, GRIT. “Affiliates are the lifeblood of RaaS operations, and in the wake of these disruptions, we’ve already observed smaller RaaS groups attempting to recruit disaffected or displaced affiliates. While the long-term effects of law enforcement efforts are yet to be seen, we expect a turbulent Q2 as the RaaS landscape continues to evolve.”
The industries most impacted by ransomware in Q1 2024 were manufacturing, retail and wholesale, and healthcare, respectively. The retail and wholesale industry experienced a surge in observed activity during the quarter, accounting for seven percent of all observed posts and overtaking healthcare to become the second-most impacted industry.
For the first time since Q2 2023, over half of all observed ransomware victims were based in the United States, making it the most targeted country with a total of 537 victims. Though the UK saw the largest decrease in observed victims by country (down 26 percent), it still held the second highest number of observed ransomware attacks (60).
The full report is available from the GuidePoint site.
Image credit: 8vfand/Dreamstime.com