The Impact of Active Ransomware Groups on Global Businesses
This year has been marked by a surge in the number of active ransomware groups, with 58 attacking global businesses in the second quarter alone. According to Cyberint, there was only a slight decrease in the third quarter, with 57 active groups. This uptick in ransomware activity poses a significant threat to businesses worldwide, as these competing gangs intensify their efforts to target vulnerable organizations.
Adi Bleih, a security researcher at Cyberint, highlighted the increased risk that businesses now face due to the growing number of active ransomware groups. The heightened competition among these groups has led to more frequent attacks, leaving little room for error for enterprise cybersecurity teams. Minor security gaps and vulnerabilities that may have gone unnoticed in the past now have the potential to result in major security incidents.
The Impact of Law Enforcement Operations on Ransomware Groups
Law enforcement operations have played a role in disrupting the activities of some of the most prolific ransomware groups. WithSecure’s research revealed that 31 out of the 67 tracked ransomware groups in 2023 were no longer operational as of Q2 2024. NCC Group also reported a decline in ransomware attacks in June and July, attributing it to disruptions caused by operations like the takedown of LockBit.
LockBit, once a dominant player in ransomware attacks, saw a significant decrease in its activity in the third quarter. Similarly, ALPHV, the second-most prolific group, faced internal turmoil after a botched cyber attack and subsequent exposure by an affiliate. These developments indicate that law enforcement actions are having an impact on established ransomware gangs, creating opportunities for smaller groups to emerge.
Emerging Trends in Ransomware Attacks
Ransomware groups are increasingly targeting Linux-based systems and VMware ESXi servers. Cyberint’s report highlighted the focus on these platforms, which are critical to many businesses’ infrastructure. The use of custom malware and legitimate tools by attackers has also become more sophisticated, allowing them to evade detection and carry out attacks more effectively.
As ransomware groups adapt and evolve their tactics, the cybersecurity landscape continues to shift. The ongoing crackdown on established gangs signals a changing environment for ransomware actors, with new groups vying for dominance in the illicit market. Businesses must remain vigilant and enhance their security measures to protect against the evolving threat of ransomware attacks.