GuidePoint Security Finds Increased Ransomware Activity, New Group Behavior Patterns in Q1 2024 Ransomware Report
18 April 2024 - 8:02PM
Business Wire
New Quarterly Ransomware Analysis From GuidePoint’s Research and
Intelligence Team (GRIT) Highlights 55% YoY Increase in Active
Ransomware Groups
GuidePoint Security, a cybersecurity solutions leader enabling
organizations to make smarter decisions and minimize risk,
announced today the release of GuidePoint Research and Intelligence
Team’s (GRIT) Q1 2024 Ransomware Report.
In addition to revealing a nearly 20% year-over-year increase in
the number of ransomware victims, the GRIT Q1 2024 Ransomware
Report observes major shifts in the behavioral patterns of
ransomware groups following law enforcement activity – including
the continued targeting of previously “off-limits” organizations
and industries, such as emergency hospitals.
“Overall, we’re seeing an increasingly volatile ransomware
ecosystem. Law enforcement disruptions this quarter appear to have
temporarily slowed or shifted operational activities of prolific
Ransomware-as-a-Service (RaaS) groups, including Alphv and
LockBit,” said Drew Schmitt, Practice Lead, GRIT. “Affiliates are
the lifeblood of RaaS operations, and in the wake of these
disruptions, we’ve already observed smaller RaaS groups attempting
to recruit disaffected or displaced affiliates. While the long-term
effects of law enforcement efforts are yet to be seen, we expect a
turbulent Q2 as the RaaS landscape continues to evolve.”
The GRIT Q1 2024 Ransomware Report takes an in-depth look at the
shifting RaaS ecosystem, including the residual impact on LockBit
from the Operation Cronos Task Force, an international law
enforcement effort helmed by the UK National Crime Agency (NCA).
Other notable Q1 ransomware events include an apparent exit scam
from Alphv following its highly-publicized Change Healthcare
ransomware attack, re-extortion attempts from Phobos affiliates and
self-proclaimed renewed collaboration from members of the “Five
Families” cybercrime collective.
Key Highlights of the Report:
- Q1 2024 resulted in a nearly 20% increase in reported
victims over Q1 2023, despite the disruption of LockBit and the
disbandment of Alphv, two of the largest and most prolific
ransomware groups.
- The number of active ransomware groups more than doubled
year-over-year, increasing 55% from 29 distinct groups in Q1
2023 to 45 distinct groups in Q1 2024.
- The top three most active ransomware groups were LockBit,
Blackbasta and Play. Even with significant law enforcement
disruption in February 2024, LockBit maintained the top spot among
RaaS service operations at 219 victims, albeit with a lower
operational tempo compared to previous quarters. LockBit claimed an
average of almost 3 victims per day before the disruption occurred
on February 20th, and had an average of about 2 victims per day
from February 24th through the end of March.
- The industries most impacted by ransomware in Q1 2024 were
manufacturing, retail & wholesale and healthcare,
respectively. The retail & wholesale industry experienced a
surge in observed activity during the quarter, accounting for 7% of
all observed posts and overtaking healthcare to become the
second-most impacted industry.
- For the first time since Q2 2023, over half of all observed
ransomware victims were based in the United States, making it
the most targeted country with a total of 537 victims. Though the
United Kingdom saw the largest decrease in observed victims by
country (-26%), it still held the second highest number of observed
ransomware attacks (60).
“As the ransomware ecosystem responds to recent events with long
standing, highly-impactful groups, we anticipate an upward trend in
opportunistic and indiscrete attacks regardless of industry and
previous RaaS norms,” Schmitt added. “It’s also likely that some
portion of relatively less mature Emerging and Developing groups
maintain a steady enough increase in operations to become new
long-standing Established groups.”
The GRIT Q1 2024 Ransomware Report is based on data obtained
from publicly available resources, including threat groups
themselves, as well as threat analyst insights into the ransomware
threat landscape.
For more information:
- Download the GRIT 2024 Q1 Ransomware Report
- Register for GRIT’s upcoming webinar on April 24, “Beyond The
Leak Sites: Analyzing the Impact of Ransomware in Early 2024”
- Download the GRIT Ransomware Taxonomy whitepaper
About GuidePoint Security
GuidePoint Security provides trusted cybersecurity expertise,
solutions, and services that help organizations make better
decisions that minimize risk. Our experts act as your trusted
advisor to understand your business and challenges, helping you
through an evaluation of your cybersecurity posture and ecosystem
to expose risks, optimize resources and implement best-fit
solutions. GuidePoint’s unmatched expertise has enabled a third of
Fortune 500 companies and more than half of the U.S. government
cabinet-level agencies to improve their security posture and reduce
risk. Learn more at www.guidepointsecurity.com.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240418878323/en/
Nicole Lavella nicole.lavella@guidepointsecurity.com
703-403-7066