RansomHub: The Reigning King of Ransomware Attacks
When it comes to successful ransomware attacks, one name reigns supreme – RansomHub. According to the latest data from Symantec, RansomHub has claimed the top spot for successful attacks in the third quarter of 2024.
Symantec’s threat intelligence report, Ransomware: Threat Level Remains High in Third Quarter, highlights the rise of RansomHub as the number one ransomware operation. With 191 victims posted to leak sites in Q3, RansomHub’s rapid ascent has been nothing short of impressive.
What sets RansomHub apart from its competitors is its ability to recruit experienced affiliates for its ransomware-as-a-service operation. Offering more attractive terms than rival outfits, RansomHub has quickly established itself as a dominant player in the ransomware landscape.
But RansomHub’s rise to the top hasn’t come without casualties. LockBit, once a formidable player in the ransomware arena, saw a significant decline in successful attacks in Q3. This decline can be attributed to an international law enforcement operation that impacted LockBit’s activity earlier in the year.
On the other hand, Qilin’s fortunes are on the up, with a 44% increase in victim count in Q3. Symantec’s report highlights the disparity between publicly claimed attacks and actual ransomware activity investigated by their researchers, shedding light on the complexities of the ransomware landscape.
The Most Common Ransomware Tools
In Q3, Symantec identified four commonly observed tools and techniques used by ransomware actors:
- Living off the land: Native Windows utilities for lateral movement and command execution.
- Bring your own vulnerable driver (BYOD): Deployment of signed vulnerable drivers for kernel access.
- Remote desktop/admin: Abuse of legitimate remote administration tools for backdoor access.
- Data exfiltration: Theft of data before encryption, known as double extortion.
As the ransomware landscape continues to evolve, it’s essential to stay informed about the latest trends and tactics employed by threat actors. RansomHub’s rise to the top is a clear indication of the changing dynamics of the ransomware ecosystem.
For more insights on ransomware trends, be sure to read: Ransomware Attack Demands Reach a Staggering $5.2m in 2024
Image credit: Sue Thatcher / Shutterstock.com