Ransomware Attacks Increased by 9% In Q2, 2024
New data released by Guidepoint Security shows there has been a 9% quarter-over-quarter increase in ransomware attacks, with H1, 2024 attacks up by 5% compared to H1, 2023. Ransomware attacks typically increase from Q1 to Q2, and while 2024 is no different in that respect, the percentage increase was far lower than the 37% increase in attacks between Q1 2023 and Q2 2023.
The data analyzed by GuidePoint’s Research and Intelligence Team (GRIT) shows the number of active ransomware groups is growing, and those groups are attacking a much broader range of targets. The leading industries for ransomware attacks in Q2, 2024 were manufacturing, technology, and healthcare. Technology companies had the biggest increase in attacks, rising to 10% of attacks in the quarter, the highest placement for the sector since Q3, 2023. In Q2, 2024, the most active ransomware groups targeting the healthcare sector were LockBit, Bianlian, and Inc Ransom.
While the increase in attacks was relatively modest, the GRIT team notes that in H1, 2024, there was an international law enforcement operation that disrupted the LockBit ransomware group, one of the most prolific ransomware groups in recent years and the only ransomware group to retain its position as one of the top 5 ransomware groups year-over-year. Following the disruption, the number of attacks conducted by the group on U.S. targets fell from 56% of attacks before sanctions were imposed on LockBit by the United States in May 2024 to 45% after the sanctions.
The prolific ALPHV/Blackcat ransomware group shut down its operation this year following the massive attack on Change Healthcare. The researchers believe that the shutdown of that operation, along with the disruption of LockBit by law enforcement, have been key drivers behind the increase in the number of distinct ransomware groups, as many affiliates from LockBit and ALPHV/Blackcat have switched to other ransomware groups.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
In Q2, 2024, the GRIT researchers tracked 1,117 publicly listed ransomware victims on leak sites by 49 distinct ransomware groups, with new listings added at an average rate of 12.3 victims per day. This is an increase from the 1,025 victims in Q1, 2024 by 45 ransomware groups, but a decrease from the 1,177 victims posted in Q2, 2023 by 41 ransomware groups.
The most prolific ransomware groups in Q2, 2024 were LockBit, Play, RansomHub, Akira, and 8base., based on additions to the groups’ data leak sites. LockBit was by far the most dominant ransomware group with more than twice the number of new victims as its closest rival. The number of LockBit victims was especially high due to a batch of 76 victims that were added to the group’s data leak site in May, which the GRIT researchers believe included a backlog of victims.
Play ransomware remains one of the most prolific groups; however, the group appears to prefer to keep a relatively low profile. The GRIT team does not anticipate a significant increase in Play attacks over the next two quarters. RansomHub, however, is currently the third most prolific ransomware group, and attacks could well increase. The group has rapidly risen to hold a position as one of the most prolific groups and that rise has occurred unusually quickly. RansomHub was the most active ransomware group in June 2024 in terms of the number of additions to its data leak site. The researchers attribute the increase to the group’s aggressive recruitment campaign and the preference for targeting seasoned ransomware affiliates, including affiliates who have recently been displaced due to the shutdown of ALPHV/Blackcat.
“As the ransomware ecosystem continues to evolve, we expect at least some portion of Emerging and Developing groups to steadily increase operations and become new long-standing Established groups,” said Justin Timothy, Security Consultant, GRIT. “It’s also likely that we’ll see ongoing threats from persistent, and quieter, ransomware groups, such as Play.”
