Ransomware attacks continue to pose a significant threat to organizations worldwide, with a 9% year-on-year increase in successful attacks advertised on leak sites in the first quarter of 2024, according to Symantec.
While the total of 962 reported attacks marks a decrease from the previous quarter's 1190 incidents, it still exceeds the 886 attacks recorded in the first quarter of 2023.
This persistence in ransomware activity comes even after significant actions against notorious groups like ALPHV/BlackCat and LockBit. In late 2023 and early 2024, international law enforcement agencies achieved notable successes, including arrests and the dismantling of critical infrastructure related to these groups. Although these efforts led to the disappearance of BlackCat, LockBit continues to operate robustly.
LockBit, in particular, has proven resilient, maintaining its status as the most formidable ransomware threat. It was responsible for over 20% of all ransomware attacks reported in the early months of 2024, according to Symantec. This indicates not only the group's persistence but also the ongoing challenges that organizations face in safeguarding their digital environments against such sophisticated cyber threats.
LockBit remains the most active group, accounting for a significant 32% of ransomware attacks as per Symantec's investigations. This indicates LockBit's robust capabilities and persistent threat presence in the cyber landscape.
Other ransomware groups like Akira and BlackSuit also show substantial activity, with Akira involved in 14% and BlackSuit in 11% of the attacks. These figures suggest that these groups have been successful in advancing their attacks to critical stages.
In contrast to Symantec’s findings, leak site data indicates more distributed activity among other groups such as Qilin, Play, Phobos, Hunters, and BianLian, each holding about a 7% share of publicized attacks. This variance may point to different tactics or public disclosure practices among the groups.
Finally, Symantec highlights the use of "Bring-Your-Own-Vulnerable-Driver" (BYOVD) tactics, a concerning trend in which attackers exploit legitimate, digitally signed drivers that contain vulnerabilities to bypass security measures and gain elevated privileges on a system. This technique underscores the sophisticated methods cybercriminals employ to turn existing vulnerabilities to their advantage.