Advertising
According to the “Ransomware Review: First Half of 2024”, a significant increase in ransomware attacks was observed worldwide in the first half of 2024.
With 1.762 published cases of compromise on leak sites, the number of attacks is 4,3% higher than in the same period last year. In addition, Unit 42 researchers have identified a new Ransomware-as-a-Service (RaaS) group that has been active since May 2024 and is distributing the Cicada3301 ransomware. The report provides insight into the threat actors' tactics, techniques and procedures. Key findings of the review:
Advertising
- Germany among the top 5 of the most affected countries: Germany ranks fourth among the most affected countries worldwide, with a total of 4 documented attacks. The manufacturing sector in particular (61% of cases), as well as the construction industry (16,4%) and the healthcare sector (9,4%) continue to be the main targets of ransomware attacks. The high sensitivity to downtime makes these industries particularly vulnerable.
- LockBit remains Threat: The LockBit leak site is still active and publishes misleading information and outdated data.
This is being driven by other ransomware groups leveraging the leaked LockBit 3.0 source code to create their own ransomware variants. - Vulnerabilities remain the main gateway: Attacks on German companies were particularly favored by newly discovered vulnerabilities in IT systems. Ransomware groups use these security gaps to quickly gain access to networks, expand their rights and spread further within the system.
- collaboration between law enforcement agencies: International law enforcement efforts are beginning to show success, such as the arrests of members of well-known ransomware groups such as Muddled Libra and Flighty Scorpius. Despite these measures, the threat level remains high as new groups are rapidly forming and filling gaps.
About Palo Alto Networks Palo Alto Networks, the global leader in cybersecurity solutions, is shaping the cloud-based future with technologies that transform the way people and businesses work. Our mission is to be the preferred cybersecurity partner and protect our digital way of life. We help you address the world's biggest security challenges with continuous innovation leveraging the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are the leaders in protecting tens of thousands of businesses across clouds, networks and mobile devices. Our vision is a world where every day is safer than the one before.