Ransomware groups develop more sophisticated business models
Ransomware groups continue to refine their craft, building and scaling business models that resemble legitimate corporate enterprises, according to a new report.
The latest Ransomware Radar Report from Rapid7 finds that smaller organizations are becoming a more frequent target too. Companies with annual revenues around $5 million are falling victim to ransomware twice as often as those in the $30-50 million range and five times more frequently than those with $100 million in revenue.
"The Ransomware Radar Report uses data to tell the story of how ransomware and the threat actors that wield it are evolving," says Christiaan Beek, senior director, threat analytics at Rapid7. "For example, the related source code, combined with a continuing decline in the number of unique ransomware families, suggests a move toward more specialized and highly effective ransomware variants, rather than a broad array of less sophisticated malware."
The report also notes the emergence of 21 new ransomware groups, the most notable of which, RansomHub, has quickly established itself as a prominent extortion group.
There's also been an increase in leak site posts, each post representing an extortion attempt. The number of ransomware groups actively posting to leak sites is increasing, from an average of 24 groups posting per month in the first half of 2023 to 40 per month in 1H 2024. Furthermore, 68 ransomware groups made a total of 2,611 leak site posts between January and June, representing a 23 percent increase in the number of posts made.
Although AI has an increasing influence in creating successful attacks, Beek says, "I would say simplicity is still key. So as long as they don't need AI to create attack vectors like all the vulnerabilities that are out there, the moment a vulnerability surfaces. The number one attack vectors are still leaked passwords and logins because of course, security of the database has leaked. Though I did see recently, I think less than one or two weeks ago, a particular ransomware group announcing that their newest version has AI support."
You can access the full report now on the Rapid7 site.
Image credit: AndreyPopov/depositphotos.com