Friend
Professional
- Messages
- 2,653
- Reaction score
- 838
- Points
- 113
Experts reveal the main attack vectors and key groups of ransomware.
In the first half of 2024, there is a steady increase in the activity of extortionate groups, despite significant efforts by law enforcement agencies to stop them.
According to Unit 42, the number of new publications about data compromise has reached 1,762, which is an average of 294 posts per month. This figure confirms that the threat level from ransomware remains high, even despite successful operations against some of them.
Especially prominent are 6 groups, which account for more than half of all recorded incidents. Although groups such as Ambitious Scorpius (BlackCat distributors) and Flighty Scorpius (LockBit distributors) have decreased their activity due to the intervention of law enforcement agencies, new threat actors have taken their place. Among them, Spoiled Scorpius (distributors of RansomHub) and Slippery Scorpius (responsible for DragonForce) stand out.
Comparison of 6 major ransomware groups for the whole of 2023 and the first half of 2024
The sectors most affected by the attacks were manufacturing, healthcare and construction. The manufacturing sector was the most vulnerable, with 16.4% of all attacks, which confirms the importance of the industry for ransomware. Health care, despite being highly sensitive to disruptions, also suffered significant attacks, with 9.6% of all reported cases. In turn, the construction sector ranked third with 9.4%.
Industries affected by ransomware in the first half of 2024
The United States was the country with the highest number of ransomware victims — 52% of all incidents. Canada, the United Kingdom, Germany, Italy, France, Spain, Brazil, Australia and Belgium are also among the top ten most affected countries.
Countries where organizations were affected by ransomware in the first half of 2024
Analysts note that the main reason for the growth of ransomware activity in 2024 was the rapid exploitation of recently identified vulnerabilities. Cybercriminals actively use opportunities to break into victims networks, increase privileges, and move laterally inside hacked systems.
Law enforcement agencies conducted a series of successful operations in the first half of 2024, which led to the arrests of key figures and the seizure of the infrastructure of some of the most well-known groups. However, despite these efforts, threats continue to evolve. New groups such as Spoiled Scorpius and Slippery Scorpius fill the vacuum created by the departure of older players, which emphasizes the need for constant monitoring and updating of security measures.
Source
In the first half of 2024, there is a steady increase in the activity of extortionate groups, despite significant efforts by law enforcement agencies to stop them.
According to Unit 42, the number of new publications about data compromise has reached 1,762, which is an average of 294 posts per month. This figure confirms that the threat level from ransomware remains high, even despite successful operations against some of them.
Especially prominent are 6 groups, which account for more than half of all recorded incidents. Although groups such as Ambitious Scorpius (BlackCat distributors) and Flighty Scorpius (LockBit distributors) have decreased their activity due to the intervention of law enforcement agencies, new threat actors have taken their place. Among them, Spoiled Scorpius (distributors of RansomHub) and Slippery Scorpius (responsible for DragonForce) stand out.
Comparison of 6 major ransomware groups for the whole of 2023 and the first half of 2024
The sectors most affected by the attacks were manufacturing, healthcare and construction. The manufacturing sector was the most vulnerable, with 16.4% of all attacks, which confirms the importance of the industry for ransomware. Health care, despite being highly sensitive to disruptions, also suffered significant attacks, with 9.6% of all reported cases. In turn, the construction sector ranked third with 9.4%.
Industries affected by ransomware in the first half of 2024
The United States was the country with the highest number of ransomware victims — 52% of all incidents. Canada, the United Kingdom, Germany, Italy, France, Spain, Brazil, Australia and Belgium are also among the top ten most affected countries.
Countries where organizations were affected by ransomware in the first half of 2024
Analysts note that the main reason for the growth of ransomware activity in 2024 was the rapid exploitation of recently identified vulnerabilities. Cybercriminals actively use opportunities to break into victims networks, increase privileges, and move laterally inside hacked systems.
Law enforcement agencies conducted a series of successful operations in the first half of 2024, which led to the arrests of key figures and the seizure of the infrastructure of some of the most well-known groups. However, despite these efforts, threats continue to evolve. New groups such as Spoiled Scorpius and Slippery Scorpius fill the vacuum created by the departure of older players, which emphasizes the need for constant monitoring and updating of security measures.
Source