How ransomware has changed and the groups to watch out for in 2024


Web intelligence company Searchlight Cyber has released a new report on the ransomware landscape of the dark web, highlighting changing tactics and the groups that security teams need to look out for in 2024.

LockBit, BlackCat (also known as ALPHV or Noberus), and Cl0p were the most prolific ransomware groups of 2023 by the number of victims claimed on their dark web leak sites. However, a major finding of the report is that these groups' share of overall ransomware victims has actually decreased as the number of operators has grown.

LockBit's victims accounted for a third of the total posted on the dark web in the final three months of 2022 but its share only accounts for 17 percent in the last three months of 2023. The group's output hasn't decreased, in fact it doubled its total victim count from last year, but the ransomware world has got bigger.

New ransomware entities like 8Base, Akira, and Rhysida have emerged and quickly racked up a high victim count last year, making them groups to watch in 2024.

Jim Simpson, director of threat intelligence at Searchlight Cyber, says, "Our dark web intelligence shows that the ransomware landscape is becoming larger and more diverse. Small, specialized groups are emerging at pace while the large, established ransomware operations have also increased their output -- creating a more active landscape than this time 12 months ago. The expansion of the ransomware ecosystem means that organizations need the most up-to-date information on the specific ransomware threats facing their industry and their peers. Ransomware groups use the dark web to share their tactics, buy their initial access, and recruit affiliates -- security teams concerned about ransomware have to monitor this activity to understand and prepare for the latest threats."

The report also notes a shift in tactics as some ransomware actors have moved away from encryption-based attacks to direct data theft and extortion. Industries such as commercial services, capital goods, and healthcare face the highest risk of ransomware attacks, while the United States is the most attacked country.

You can get the full report from the Searchlight site.

Image credit: denisismagilov/

Comments are closed.

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.