New Research Shows a Continuing Increase in Ransomware Victims

GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report.

In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals.

“Overall, we’re seeing an increasingly volatile ransomware ecosystem. Law enforcement disruptions this quarter appear to have temporarily slowed or shifted operational activities of prolific Ransomware-as-a-Service (RaaS) groups, including Alphv and LockBit,” said Drew Schmitt, Practice Lead, GRIT. “Affiliates are the lifeblood of RaaS operations, and in the wake of these disruptions, we’ve already observed smaller RaaS groups attempting to recruit disaffected or displaced affiliates. While the long-term effects of law enforcement efforts are yet to be seen, we expect a turbulent Q2 as the RaaS landscape continues to evolve.”

The GRIT Q1 2024 Ransomware Report takes an in-depth look at the shifting RaaS ecosystem, including the residual impact on LockBit from the Operation Cronos Task Force, an international law enforcement effort helmed by the UK National Crime Agency (NCA). Other notable Q1 ransomware events include an apparent exit scam from Alphv following its highly-publicized Change Healthcare ransomware attack, re-extortion attempts from Phobos affiliates and self-proclaimed renewed collaboration from members of the “Five Families” cybercrime collective.

Key Highlights of the Report:

  • Q1 2024 resulted in a nearly 20% increase in reported victims over Q1 2023, despite the disruption of LockBit and the disbandment of Alphv, two of the largest and most prolific ransomware groups.
  • The number of active ransomware groups more than doubled year-over-year, increasing 55% from 29 distinct groups in Q1 2023 to 45 distinct groups in Q1 2024.
  • The top three most active ransomware groups were LockBit, Blackbasta and Play. Even with significant law enforcement disruption in February 2024, LockBit maintained the top spot among RaaS service operations at 219 victims, albeit with a lower operational tempo compared to previous quarters. LockBit claimed an average of almost 3 victims per day before the disruption occurred on February 20th, and had an average of about 2 victims per day from February 24th through the end of March.
  • The industries most impacted by ransomware in Q1 2024 were manufacturing, retail & wholesale and healthcare, respectively. The retail & wholesale industry experienced a surge in observed activity during the quarter, accounting for 7% of all observed posts and overtaking healthcare to become the second-most impacted industry.
  • For the first time since Q2 2023, over half of all observed ransomware victims were based in the United States, making it the most targeted country with a total of 537 victims. Though the United Kingdom saw the largest decrease in observed victims by country (-26%), it still held the second highest number of observed ransomware attacks (60).

“As the ransomware ecosystem responds to recent events with long standing, highly-impactful groups, we anticipate an upward trend in opportunistic and indiscrete attacks regardless of industry and previous RaaS norms,” Schmitt added. “It’s also likely that some portion of relatively less mature Emerging and Developing groups maintain a steady enough increase in operations to become new long-standing Established groups.”

The GRIT Q1 2024 Ransomware Report is based on data obtained from publicly available resources, including threat groups themselves, as well as threat analyst insights into the ransomware threat landscape.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.