The number of active ransomware groups over the last 12 months is on the rise as criminals look for more ways to target businesses, new research has claimed.
The 2024 State of Threat Report from Secureworks has revealed a rise in the number of active ransomware groups over the last 12 months – identifying a 30% rise in the number of active groups.
The figures represents a diversification of the landscape rather than a particularly drastic increase in criminals. Since the notorious Lockbit disruption, in which the most prolific group was briefly shut down, the ransomware ecosystem has evolved, with 31 new groups being established.
A variety of tactics
One of the key findings from the report is that unpatched vulnerabilities remain the top Initial Access Vector (IAV) in ransomware attacks, making up almost 50% of all IAVs. This outlines more than ever the importance of staying on top of cybersecurity and software updates.
In 2024, PLAY has become the most active group, and has doubled its victim count year-on year. Further evidence of the broadening of the attack sources is the fact that Lockbit, previously a dominant player, has seen an 8% reduction in its share of ransomware attacks.
“Cybercriminal ecosystems are akin to living organisms. They adapt and mutate in the face of disruption, reacting with speed to maintain the tempo of their attacks. The names and affiliations may be different, but the impact is the same, with attacks causing maximum business disruption, downtime, and remediation costs,” said Secureworks Vice President Don Smith.
The report also outlines a persistence of state-sponsored threat actors from Russia, China, and Iran amongst others. These are driven by geopolitical conflicts and underscore the growing use of cyberattacks as a political tool.
Unsurprisingly, AI continues to flourish as a tool for malicious actors, contributing to both the problem and the solution as the technology is increasingly used in both cyberattacks and cybersecurity solutions. This is consistent with earlier research which suggests ransomware has as much as doubled thanks to AI.