Security Brief: Surge in Ransomware Groups in Q3 2024 Reveals Shifting Dominance


The Security Bite segment from DMN is presented by Mosyle, the exclusive Apple Unified Platform. We specialize in streamlining Apple devices, making them ready for work while maintaining enterprise-level safety. Our comprehensive approach to management pairs state-of-the-art, Apple-centric security measures with fully automated Hardening & Compliance, Next Generation EDR, AI-driven Zero Trust, and specialized Privilege Management, all supported by the most powerful and contemporary Apple MDM available. This ensures a completely automated Apple Unified Platform, trusted by over 45,000 organizations to prepare millions of Apple devices effortlessly and cost-effectively. Request your EXTENDED TRIAL today to discover why Mosyle is essential for your Apple environment.


Corvus, a prominent provider of cyber insurance, has released its Cyber Threat Report for the third quarter of 2024, which delves into the evolving ransomware landscape. The report indicates that while the increase in ransomware incidents is unsurprising, cybercriminals are becoming more competitive and adopting bolder strategies, instead of waiting for the next large-scale exploit event.

About Security Bite: Security Bite is a weekly column dedicated to security on DMN. Each week, Arin Waichulis offers insights on data privacy, uncovers vulnerabilities, or highlights emerging threats in Apple’s extensive ecosystem of over 2 billion active devices, aiming to keep you informed and safe.


Changing Dynamics

Notably, Corvus’s recent Cyber Threat Report indicates that the ransomware landscape is becoming increasingly decentralized, with 59 active groups currently operating around the globe. The data suggests a move away from the dominance of major players (such as LockBit 3.0 and ALPHV) towards a more fragmented landscape.

This change may be a consequence of intensified law enforcement actions targeting larger groups. Earlier this year, the FBI, Europol, and the UK’s NCA effectively dismantled LockBit’s infrastructure, recovering over 1,000 decryption keys for victims. Despite the arrests, the LockBit group has continued to function, as signified by the “3.0” in LockBit 3.0, and ALPHV has faced a similar fate.

Currently, ransomware groups primarily operate as RaaS (Ransomware-as-a-Service) businesses. Here, malware developers (or operators) create the software, while less technically skilled affiliates purchase the malicious packages and deploy them against targets of their choosing. The operators manage payment processing and customer support for victims, typically taking a percentage of the ransom received.

With significant operators being taken down effectively, affiliates are reconsidering their options. They are now much more selective about their partnerships, akin to choosing a car with no accident history. The takedown of big groups often grants authorities access to internal systems, admin panels, and communication channels, posing considerable risks for affiliates. Investigations can uncover crucial operational details, cryptocurrency transaction histories, and traces that can lead back to the identity of affiliates.

This evolving scenario appears to nudge affiliates towards smaller, more nimble ransomware operations.

Emerging groups like RansomHub, which has seen a 160% rise in victims, exemplify how affiliate preferences are shifting. These smaller organizations often attract affiliates by offering more appealing conditions and enhanced security through their focused initiatives.

Key highlights include:

  • A slight increase in ransomware attacks to 1,257 victims in Q3
  • RansomHub, a new entity, becomes the most active, with 195 victims
  • Heightened targeting of the Construction and Healthcare sectors
  • 28.7% of attacks exploited VPN vulnerabilities
  • 75% of organizations lack adequate multi-factor authentication

Corvus compiles data anonymously from claims and various other sources.
