Research from Searchlight Cyber has shown the number of ransomware groups that operated in the first half of 2024 rose to 73, up from 46 in the same period of 2023. The findings suggest law enforcement’s efforts to curb cyber criminal groups have seen some success, especially in disrupting the operations of notorious group BlackCat, which has since dissolved.
Groups were targeted by law enforcement in ‘Operation Cronos’, which facilitated the arrests of two people, took down 28 servers, obtained 1,000 decryption keys, and froze 200 crypto accounts – all linked to the infamous LockBit organization.
Although the number of groups has risen, the number of victims has fallen, which indicates a potential diversification rather than growth of ransomware groups. Other Ransomware as a Service (RaaS) groups such as RansomHub and BlackBasta have become more active, complicating the landscape for cyber security.
Persistent threats
The disruptions of cyber criminal activities should not be mistaken for the conclusion of operations. New organizations such as DarkVault and APT73 are expected to become more prolific in the near future.
Head of Threat Intelligence at Searchlight Cyber, Luke Donovan comments, “As we’ve seen in the first half of 2024, the ransomware landscape is not just expanding, it’s fragmenting. With over 70 active ransomware groups now in operation, the ransomware landscape is becoming more complex for cybersecurity professionals to navigate.”
He adds, “The diversification we’re witnessing means that smaller, lesser-known groups can emerge rapidly and execute highly targeted attacks.”
Recently, groups like Qilin have caused serious damage attacking NHS hospitals, which affected surgeries and transplants. The risks posed by these threat actors is illustrated in their willingness to attack high-impact targets in order to leverage as much ransom as possible.