Number of active ransomware groups increases over 50 percent

A new report from dark web intelligence specialist Searchlight Cyber shows a 56 percent increase in the number of active ransomware groups this year compared to the first half of 2023, reflecting a diversification of the ransomware landscape.

LockBit has retained its top position despite the disruption caused by Operation Cronos, though its number of listed victims has fallen compared to H1 2023.

BlackCat and Cl0p though have slipped out of the top five rankings, with Play, RansomHub, BlackBasta, and 8Base filling the slots behind LockBit.

RansomHub, a new ransomware group, has quickly established itself as the third most prolific group, despite it only emerging in February. This rapid rise suggests it has possible connections to established players like BlackCat.

Luke Donovan, head of threat intelligence at Searchlight Cyber, says, "As we've seen in the first half of 2024, the ransomware landscape is not just expanding, it's fragmenting. With over 70 active ransomware groups now in operation, the ransomware landscape is becoming more complex for cybersecurity professionals to navigate. The diversification we're witnessing means that smaller, lesser-known groups can emerge rapidly and execute highly targeted attacks. This report underscores the need for organizations to continuously monitor the ransomware ecosystem, identify the groups that pose the greatest risk to them, and use threat intelligence to inform their defensive strategies."

On a more positive note there has been a decline in the overall number of listed ransomware victims compared to H2 2023, suggesting that law enforcement operations may be starting to curb ransomware activities.

The report also reveals the continued dominance of the Ransomware-as-a-Service (RaaS) model among the most active groups.

The full report is available on the Searchlite Cyber site.

Image Credit: Irinayeryomina/Dreamstime.com