The number of active ransomware groups is on the rise, research finds

2024 has seen a 56% rise in the number active ransomware groups

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Research fromSearchlight Cyberhas shown the number ofransomwaregroups that operated in the first half of 2024 rose to 73, up from 46 in the same period of 2023. The findings suggest law enforcement’s efforts to curb cyber criminal groups have seen some success, especially in disrupting the operations of notorious group BlackCat, which has since dissolved.

Groups were targeted by law enforcement in ‘Operation Cronos’, which facilitated the arrests of two people, took down 28 servers, obtained 1,000 decryption keys, and froze 200 crypto accounts - all linked to the infamous LockBit organization.

Although the number of groups has risen, the number of victims has fallen, which indicates a potential diversification rather than growth of ransomware groups. Other Ransomware as a Service (RaaS) groups such as RansomHub and BlackBasta have become more active, complicating the landscape for cyber security.

Persistent threats

The disruptions of cyber criminal activities should not be mistaken for the conclusion of operations. New organizations such as DarkVault and APT73 are expected to become more prolific in the near future.

Head of Threat Intelligence at Searchlight Cyber, Luke Donovan comments, “As we’ve seen in the first half of 2024, the ransomware landscape is not just expanding, it’s fragmenting. With over 70 active ransomware groups now in operation, the ransomware landscape is becoming more complex for cybersecurity professionals to navigate.”

He adds, “The diversification we’re witnessing means that smaller, lesser-known groups can emerge rapidly and execute highly targeted attacks.”

Recently, groups like Qilin have causedserious damage attacking NHShospitals, which affected surgeries and transplants. The risks posed by these threat actors is illustrated in their willingness to attack high-impact targets in order to leverage as much ransom as possible.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

Google puts Nvidia on high alert as it showcases Trillium, its rival AI chip, while promising to bring H200 Tensor Core GPUs within days

A new form of macOS malware is being used by devious North Korean hackers

Belkin’s Travel Bag for Vision Pro has pockets and is way cheaper than Apple’s own case