Ransomware attacks up more than 20% year on year

And it’s not just attacks – new gangs were popping up with alarming speed over the first few months of 2024.

David Hollingworth
Mon, 20 May 2024

A cyber security insurance specialist has released a worrying set of figures showing that despite law enforcement successes in combating ransomware, the number of attacks is rising year on year.

Corvus Insurance’s Q1 Ransomware Report: Ransomware Groups Don’t Die, They Multiply paints a picture of an expanding ransomware ecosystem, with 2024’s first quarter the most active on record for ransomware attacks.

According to the report, 1,075 ransomware attacks were reported in January, February, and March of 2024 – a 21 per cent increase on the same period last year.

This is despite high-profile disruption operations that targeted two of the more prolific ransomware-as-a-service operators. Both LockBit and ALPHV had their darknet leak sites taken over by law enforcement in recent months, with LockBit’s alleged ringleader named and targeted by international sanctions.

However, both gangs were back in operation quickly, and many hungry newcomers were more than willing to take up any slack – 18 new leak sites were established in the first few months of 2024, another record high.

“Our analysis demonstrates that while the public brands of ransomware groups may change in the face of crackdowns, the threat, like the mythical Hydra with its multiplying heads, only redistributes and continues to grow,” Corvus said in its report.

“Our Hercules has yet to appear.”

That said, LockBit does appear to be a shadow of its former self, with Corvus noting that at least 40 per cent of the gang’s recent leak posts represent data already compromised before the gang’s site was taken over by law enforcement. At the same time, ALPHV effectively exit-scammed its affiliates after the successful hack of Change Healthcare, which netted the leaders of the gang a handsome US$20 million. Now, LockBit appears to be reposting old ALPHV victims as well.

“This is perhaps yet another indication of LockBit grasping for relevance in their post-takedown world,” Corvus said.

Regardless, affiliates who either no longer trust LockBit or who have been burned by ALPHV’s exit scam are still looking for groups to work with.

“So when we observe growth in ransomware activity even after two major groups shut down, we can look to where an affiliated individual or group might naturally go to continue their enterprise,” Corvus said.

“Indeed, our data shows recent upticks in activity from other ransomware groups, such as Black Basta, Akira, Hunters International and BianLian. This trend supports the notion that affiliates are likely shifting their operations to alternative groups.”

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.