Changes in ransomware landscape sees new players and tactics emerge.
Statistics for Q2 2024 reveal significant changes in the ransomware-as-a-service (RaaS) landscape following major law enforcement actions.
According to research from ReliaQuest, 1,237 organisations were listed on ransomware leak sites in Q2, marking a 20% increase from Q1 2024, but only a one percent rise compared to the first half of 2023, indicating a slowed growth trend.
The fluctuations within Q2 2024 are attributed to upheavals in the RaaS ecosystem, causing competition among ransomware groups for affiliates. Also major players like ALPHV/BlackCat and LockBit faced disruptions, allowing newer gangs like RansomHub and BlackSuit to gain prominence. RansomHub, in particular, has attracted former affiliates by allowing them to collect ransoms directly, leading to a 243% increase in victims between Q1 and Q2.
Additionally, changing attack tactics, such as increased use of stolen credentials and potential rises in supply chain attacks, show an evolution of strategies among cybercriminals.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
