Ransomware remains a formidable threat facing organizations, with 49 active groups impacting more than 1,000 publicly posted victims in the third quarter 2024, according to a new report.

The report from GuidePoint Security's Research and Intelligence Team (GRIT) shows threat actors are increasingly leveraging legitimate services and platforms to deliver targeted phishing messages. While the abuse of trusted notification services is not a new approach to delivering malware, the research team has recently observed novel -- and progressively sophisticated -- delivery techniques.

"While RaaS groups have made efforts to fill the power vacuum left by AlphV and LockBit, there is still a notable gap in the ransomware ecosystem," says Grayson North, senior security consultant at GRIT. "Groups are more loosely affiliated than before, which is correlating with a wider, more diverse spread of victims, slower attack tempos and a stabilizing growth volume of active ransomware groups."

The sectors most impacted by ransomware in Q3 2024 are manufacturing, technology and healthcare, respectively. Manufacturing remains the most impacted industry by a substantial margin.

The United States accounted for over half of observed ransomware victims this quarter. However, the UK and Germany experienced a significant decline in observed attacks during the same period.

The research also finds that a strong 'middle class' has emerged in the Ransomware-as-a-Service ecosystem following a number of shakeups caused by law enforcement disruption. This middle class is distributing ransomware victims across a greater number of diverse groups.

"Unfortunately, a stabilizing growth pace doesn't translate to a massive decrease in ransomware attacks or make the attacks any less dangerous," North adds. "While the previously staggering growth of RaaS groups and attacks appears to have plateaued in recent months, ransomware remains a highly profitable endeavor for cybercriminals, and shows no indication of receding in 2024 or through 2025."

You can get the full report from the GuidePoint site.

