The recent strikes against ransomware groups are having an impact and are causing ransomware productivity to flatten in 2024. However, attackers are increasingly focusing on SMBs. There is further bad news: LockBit is about to make a comeback.
The new WithSecure report offers a detailed look at the latest developments in the world of ransomware. One of the key findings from the first half of 2024 is that ransomware industry productivity has stopped increasing after peaking in late 2023. There are also interesting developments in attack targets and industry dynamics.
SMEs increasingly in the focus of ransomware
While ransomware productivity is slowing this year, the frequency of attacks and the amount of ransom payments collected continued to increase in the first half of 2024 compared to the same periods in the previous two years. "There is a clear shift toward small and medium-sized businesses, which now make up a larger share of ransomware victims," said Tim West, Director of Threat Intelligence and Outreach at WithSecure.
What is clear is that law enforcement actions, particularly the takedown of the LockBit ransomware group in February 2024, have played a critical role in disrupting large ransomware operations. These efforts have resulted in the seizure of significant assets and the destruction of critical infrastructure belonging to the ransomware groups.
Despite these disruptions, the long-term impact of law enforcement on the ransomware ecosystem remains uncertain as groups tend to adapt and evolve. The report shows increasing evidence of a restructuring phase at LockBit, particularly since June 2024. As a result, the authors conclude that LockBit almost certainly intends to return to the industry with a more robust operating model.
Ransomware-as-a-Service (RaaS) continues to trend
The report examines the architecture of ransomware-as-a-service (RaaS) collectives and highlights the increasing competition between ransomware franchises to attract affiliates. Following the demise of prominent groups such as LockBit and ALPHV, many new “nomadic” ransomware affiliates have joined forces with more established RaaS brands.
The report also addresses the ongoing problem of reinfection. One finding: The data shows that a significant percentage of organizations that paid ransoms were later attacked again by the same or other ransomware groups.
About WithSecure
WithSecure, formerly F-Secure Business, is the trusted partner in cyber security. IT service providers, managed security services providers and other companies trust WithSecure, as do large financial institutions, industrial companies and leading communication and technology providers. With its results-oriented approach to cyber security, the Finnish security provider helps companies relate security to their operations, secure processes and prevent business interruptions.