Report Shows a 56 Percent Increase in Active Ransomware Groups in First Half of 2024

Searchlight Cyber has released its latest report, revealing key ransomware trends for the first half of 2024. Ransomware in H1 2024: Trends from the Dark Web showcases how the ransomware scene has shifted since the release of its annual ransomware report 2024 at the start of the year. The report offers key insights drawn from dark web intelligence to help organizations bolster their defenses against emerging threats.

The report shows how – in just six months of the year – one of the biggest ransomware groups (BlackCat) ceased operations, a new gang (RansomHub) emerged in February and quickly established itself as the third most prolific ransomware group, and outlines the effects of devastating attacks executed against organizations.

Other highlights of the report include:

  • A 56 percent increase in the number of active ransomware groups compared to H1 2023, reflecting a diversification of the ransomware landscape.
  • LockBit has retained its top position in spite of the disruption of Operation Cronos, though its number of listed victims has decreased compared to H1 2023.
  • BlackCat and Cl0p have forfeited their top five rankings, with Play, RansomHub, BlackBasta, and 8Base filling the top slots behind LockBit.
  • The emergence of RansomHub, a new ransomware group that quickly established itself as the third most prolific group, despite it only emerging in February. This group’s rapid rise suggests possible connections to established players like BlackCat.
  • A decline in the overall number of listed ransomware victims compared to H2 2023, indicating that law enforcement operations may be beginning to curb ransomware activities.
  • The continued dominance of the Ransomware-as-a-Service (RaaS) model among the most active groups.

The report also profiles new entrants in 2024 including APT73 and DarkVault, potential offshoots of the disrupted LockBit, who are expected to become significant threats in the near future. Quilong, a closed ransomware group that emerged in April 2024 also had a significant impact in the first half of the year, targeting healthcare organizations in Brazil.

Luke Donovan, Head of Threat Intelligence at Searchlight Cyber, commented: “As we’ve seen in the first half of 2024, the ransomware landscape is not just expanding, it’s fragmenting. With over 70 active ransomware groups now in operation, the ransomware landscape is becoming more complex for cybersecurity professionals to navigate. The diversification we’re witnessing means that smaller, lesser-known groups can emerge rapidly and execute highly targeted attacks. This report underscores the need for organizations to continuously monitor the ransomware ecosystem, identify the groups that pose the greatest risk to them, and use threat intelligence to inform their defensive strategies.” Click here to download the full report.

Featured

  • Why Communication is Key in an Emergency

    During an emergency, communication with the outside world can be a critical component when it comes to response time and saving lives. Emergency communications typically consist of alerts and warnings; directives about evacuating the premises; information about response status, and other matters that can impact response and recovery. Read Now

  • Trust But Verify

    Today’s world is built on software—whether it is third-party applications, open-source libraries, in-house developed tools, operating systems, containers or firmware. Organizations worldwide depend on these diverse software components to power their operations, connect with customers, and drive innovation. However, this reliance on software comes with hidden dangers: the blind trust placed in these software products. Many companies assume that the software they purchase, and use is secure and free from vulnerabilities, but recent high-profile software supply chain breaches have proven otherwise. The reality is that every piece of software, no matter how reputable the source, increases the organization’s attack surface and poses new risks. Read Now

  • Impact on Digital Transformation

    A 2023 Statista report projects that by 2030 there will be 30 billion Internet of Things (IoT) devices in use. That is three times as many as there were in 2020. The numbers continue to grow because connecting sensors and systems, especially across a business, promises big efficiency gains and new insights. As such, the IoT and IIoT (Industrial Internet of Things) have become a launching pad for digital transformation -- not only for individual organizations but for entire industries. Read Now

  • Optimizing Security and Business Performance with Clarity and Control

    In recent years, the security sector has experienced a significant influx of innovative technologies that have fundamentally transformed how organizations design, implement, and oversee their security programs. The widespread adoption of cloud-based infrastructure, edge processing, and AI or machine learning (ML) driven analytics has brought about revolutionary changes in applications such as access control, video surveillance and emerging areas like threat detection and drone identification. Read Now

Featured Cybersecurity

Webinars

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3