Ransomware Rampage: Attacks Surge 30% with 31 New Groups

In 2024, the number of active ransomware groups surged by 30%, as confirmed by the annual report from Secureworks, published on October 8th. The report highlights the emergence of 31 new groups on the cyber threat landscape over the past 12 months. Leading the ranks of the most active ransomware gangs are LockBit, PLAY, and RansomHub.

LockBit remains the undisputed leader among ransomware groups, responsible for 17% of all attacks, though its activity has declined by 8% compared to the previous year. Meanwhile, the PLAY ransomware gang has doubled its number of attacks, and the newly emerged RansomHub has swiftly entered the top three, capturing 7% of the market.

The rising level of cybercrime reflects the fragmentation of what was once a monopolized ransomware ecosystem. Smaller groups are striving to establish themselves in the market, complicating corporate defenses by increasing the diversity of tactics. On average, attackers remain in their victims’ networks for about 28 hours, though some attacks can take mere hours or stretch over several days.

The report also notes a rise in attacks involving session theft through adversary-in-the-middle (AiTM) techniques. These attacks pose a serious threat as they can bypass certain multi-factor authentication methods. Furthermore, criminals are increasingly leveraging artificial intelligence to enhance phishing attacks and develop malware.

The report underscores that cybercriminals continue to adopt new technologies, with cyberattacks increasingly supported by state-backed entities from China, Iran, and North Korea. These nations use cyberspace to further their geopolitical objectives, engage in espionage, and carry out sabotage on behalf of their governments.