Ransomware productivity shows signs of leveling off

According to a new report, ransomware productivity has shown signs of leveling off in 2024, however, the frequency of attacks and ransom payments collected remains higher in the first half of 2024 compared to the same periods in 2022 and 2023.

The report from WithSecure suggests law enforcement actions, notably the take down of the Lockbit ransomware group in February 2024, have played a critical role in disrupting major ransomware operations.

Attackers have also shifted their targeting. "There has been a marked shift towards targeting small and medium-sized businesses, which now represent a larger proportion of ransomware victims," says Tim West, director of threat intelligence and outreach at WithSecure.

The study also looks at the architecture of Ransomware-as-a-Service (RaaS) collectives, emphasizing the growing competition among ransomware franchises to attract affiliates. Notably, following the decline of prominent groups like Lockbit and ALPHV, many newly 'nomadic' ransomware affiliates have aligned themselves with more established RaaS brands.

"Trust within the cybercriminal community has probably been significantly eroded due to incidents such as ALPHV's alleged exit scam, where affiliates were defrauded of their earnings, further complicating the dynamics within the ransomware ecosystem," West adds.

The report also touches on the persistent issue of reinfection, with data showing that a significant percentage of organizations that have paid ransoms are later targeted again by the same or different ransomware groups.

You can get the full report from the WithSecure site.

Image credit: lighthouse/depositphotos.com