Research from Searchlight Cyber has shown that the number of ransomware groups operating in the first half of 2024 rose to 73, up from 46 in the same period in 2023. The findings suggest that law enforcement efforts to curb cybercriminal groups have had some success, particularly in disrupting the operations of the notorious BlackCat group, which has since disbanded.
The groups were targeted by law enforcement in “Operation Cronos,” which led to the arrest of two people, the taking down of 28 servers, the obtaining of 1,000 decryption keys, and the freezing of 200 cryptocurrency accounts, all linked to the infamous LockBit organization.
Although the number of groups has increased, the number of victims has decreased, indicating a possible diversification rather than growth of ransomware groups. Other ransomware-as-a-service (RaaS) groups, such as RansomHub and BlackBasta, have become more active, complicating the cybersecurity landscape.
Persistent threats
The halting of cybercriminal activities should not be confused with the termination of operations. New organizations such as DarkVault and APT73 are expected to become more prolific in the near future.
Luke Donovan, Director of Threat Intelligence at Searchlight Cyber, comments: “As we’ve seen in the first half of 2024, the ransomware landscape is not only expanding, it’s fragmenting. With over 70 active ransomware groups in operation, the ransomware landscape is becoming more complex for cybersecurity professionals to address.”
He added: “The diversification we are seeing means that smaller, lesser-known groups can emerge quickly and carry out highly targeted attacks.”
Recently, groups like Qilin have caused Serious damage affecting the NHS hospitals, affecting surgeries and transplants. The risks posed by these threat actors are illustrated by their willingness to attack high-impact targets to extract the largest ransom possible.
