Ransomware up 33 percent in May as new groups emerge
The latest GRIT Ransomware Report from GuidePoint Security shows that May this year resulted in a 33 percent increase overall in ransomware activity compared to April 2024, indicating a degree of seasonality given a similar increase month-on-month in May 2023 relative to April 2023.
May 2024 closed with an increase in overall victim volume. However, a deep review reveals that the rise was driven disproportionately by LockBit's 175 posted victims, accounting for 37 percent of the month’s total publicly posted ransomware victims.
GRIT continues to observe year-on-year increases in the number of distinct ransomware groups operating too, with 38 unique groups claiming victims in May 2024, representing a 35.7 percent increase from May 2023, and showing increased dispersion of activity from small to big groups like Alphv/LockBit.
GRIT also began tracking four newly observed ransomware groups, which distinguish themselves with relatively quick starts, posting nearly ten victims in May 2024. This places them in the middle of the pack amongst competitors by victim volume and exceeding operational tempo.
"Two established groups, Play and RansomHub, appear to be emerging as new leaders in the ransomware landscape, having increased their operational tempo relative to early 2024," writes Justin Timothy, GuidePoint's threat intelligence consultant, on the company's blog. "Play has been within the top five most active groups since February 2024 and even rose to the top spot during April 2024. Despite only appearing publicly in February, RansomHub quickly rose to the ‘Top five’ in March and has gone on to become one of the three most prolific ransomware groups for the past two months; we assess this level of activity is likely to continue. We have covered RansomHub's recruitment efforts on illicit forums in previous Ransomware Reports, and these efforts appear to be paying dividends."
You can read more on the GuidePoint blog.
Image credit: 8vfand/Dreamstime.com