Ransomware threat groups are on the rise, so be on your guard

Secureworks report says threat landscape is diversifying after the Lockbit disruption

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The number of active ransomware groups over the last 12 months is on the rise as criminals look for more ways to target businesses, new research has claimed.

The2024 State of Threat Reportfrom Secureworks has revealed a rise in the number of active ransomware groups over the last 12 months - identifying a 30% rise in the number of active groups.

The figures represents a diversification of the landscape rather than a particularly drastic increase in criminals. Since the notorious Lockbit disruption, in which the most prolific group was briefly shut down, the ransomware ecosystem has evolved, with 31 new groups being established.

A variety of tactics

One of the key findings from the report is that unpatched vulnerabilities remain the top Initial Access Vector (IAV) in ransomware attacks, making up almost 50% of all IAVs. This outlines more than ever the importance of staying on top of cybersecurity and software updates.

In 2024, PLAY has become the most active group, and has doubled its victim count year-on year. Further evidence of the broadening of the attack sources is the fact that Lockbit, previously a dominant player, has seen an 8% reduction in its share of ransomware attacks.

“Cybercriminal ecosystems are akin to living organisms. They adapt and mutate in the face of disruption, reacting with speed to maintain the tempo of their attacks. The names and affiliations may be different, but the impact is the same, with attacks causing maximum business disruption, downtime, and remediation costs,” said Secureworks Vice President Don Smith.

The report also outlines a persistence of state-sponsored threat actors from Russia, China, and Iran amongst others. These are driven by geopolitical conflicts and underscore the growing use of cyberattacks as a political tool.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Unsurprisingly, AI continues to flourish as a tool for malicious actors, contributing to both the problem and the solution as the technology is increasingly used in both cyberattacks and cybersecurity solutions. This is consistent with earlier research which suggests ransomware hasas much as doubled thanks to AI.

More from TechRadar Pro

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

Google puts Nvidia on high alert as it showcases Trillium, its rival AI chip, while promising to bring H200 Tensor Core GPUs within days

A new form of macOS malware is being used by devious North Korean hackers

England vs Australia live stream: how to watch 2024 rugby union Autumn International online from anywhere