According to the latest research from Barracuda Networks, a leading provider of cloud-first security solutions, more than a fifth (21%) of reported ransomware incidents in the past 12 months hit healthcare organizations, up from 18% a year ago. This was followed by manufacturing with 15% of reported attacks and technology companies with 13%, while education-related incidents are predicted to halve from 18% last year to account for 9% in 2023/24.
Barracuda researchers analyzed publicly-disclosed ransomware attacks between August 2023 and July 2024, involving 37 countries and 36 different ransomware groups.
The most prevalent ransomware group was the Ransomware-as-a-Service (RaaS) model, with LockBit accounting for one in six (18%) of attacks where the attacker’s identity was known, while ALPHV/BlackCat ransomware accounted for 14% of attacks, the Barracuda report said.
Similar findings were reported in Arete’s Crimeware Report: According to the report, the first half of 2024 (H1 2024) was characterized by an increasingly complex threat landscape, despite successful attempts by law enforcement to disrupt ransomware activity.
International law enforcement actions against LockBit and ALPHV/BlackCat, the two most active Ransomware-as-a-Service (RaaS) groups in 2024, have significantly fragmented the ransomware and extortion landscape.
LockBit’s activity has declined significantly since international sanctions were imposed on its leader, Dmitry Yuryevich Khoroshev, who hindered the group’s ability to collect ransoms from victims. However, ALPHV eventually ceased operations in March 2024. Meanwhile, the Akira ransomware group carried out the most attacks in Q2 2024, the report highlights.
Meanwhile, Seqrite, a corporate arm of Quick Heal Technologies Ltd, a global cybersecurity solutions provider, has released its latest findings on a dangerous fileless ransomware campaign called “Cronus” that targets unsuspecting users through fraudulent PayPal documents. Hackers have been abusing a legitimate Windows tool, PowerShell, to deliver this advanced ransomware without leaving any traces in the form of files, making it extremely difficult to detect with traditional antivirus software. Once activated, the ransomware locks crucial data and demands ransom from victims.
“Ransomware gangs have evolved into highly organised cybercrime networks, strategically investing in sophisticated tools and techniques to refine their attacks and negate past failures. One common method is to infiltrate large enterprises through smaller, less secure supply chain vendors. Once inside, they paralyse operations and demand ransom, often using double extortion tactics – not only encrypting critical data, but also threatening to leak confidential information on dedicated leak sites to coerce victims into paying the ransom,” said Dr Sanjay Katkar, Joint Managing Director, Quick Heal Technologies Limited.
“At Seqrite, we focus on proactive threat detection and deploy AI-powered solutions to identify and neutralize ransomware threats before they enter the network. By continuously monitoring endpoints and integrating multi-layered defense, we help organizations stay ahead of evolving attacks and protect their critical infrastructure,” he further added.
Looking ahead, collaboration between law enforcement, cybersecurity companies, and organizations will be essential to combat evolving threats. By staying informed and prepared, businesses can mitigate the risks that ransomware poses and protect critical assets from falling into the wrong hands. The fight against cybercrime is on, and unity is essential to creating a safer digital environment for everyone.
