The number of active ransomware groups in the past 12 months has risen as criminals look for more ways to target companies, new research shows.
The 2024 State of Threat Report from Secureworks has revealed an increase in the number of active ransomware groups over the past twelve months, representing a 30% increase in the number of active groups.
The numbers represent a diversification of the landscape rather than a particularly drastic increase in the number of criminals. Since the infamous Lockbit disruption, which briefly shut down the most productive group, the ransomware ecosystem has evolved and 31 new groups have been created.
A variety of tactics
One of the key findings from the report is that unpatched vulnerabilities are still the most important Initial Access Vector (IAV) in ransomware attacks, accounting for nearly 50% of all IAVs. This underlines more than ever the importance of staying up to date on cybersecurity and software updates.
By 2024, PLAY has become the most active group and the number of victims has doubled year after year. Further evidence of the broadening of attack sources is the fact that Lockbit, previously a dominant player, has seen its share of ransomware attacks decline by 8%.
“Cybercriminal ecosystems resemble living organisms. They adapt and mutate in the face of disruption, reacting quickly to maintain the pace of their attacks. The names and affiliations may be different, but the impact is the same: attacks cause maximum business disruption, downtime and recovery costs,” said Don Smith, vice president of Secureworks.
The report also outlines the continued existence of state-sponsored threat actors from Russia, China and Iran, among others. These are caused by geopolitical conflicts and underline the increasing use of cyber attacks as a political tool.
It’s no surprise that AI continues to flourish as a tool for malicious actors, contributing to both the problem and the solution, as the technology is increasingly used in both cyberattacks and cybersecurity solutions. This is consistent with previous research showing that ransomware has as much as doubled thanks to AI.