Report: Ransomware landscape changing, attacks down 16% since 2023
The number of cybercriminal groups engaging in ransomware attacks has risen since last year, but the total victim count—in all industries and spaces, including healthcare—has actually fallen.
According to a report from cybersecurity firm Searchlight Cyber, the number of active criminal ransomware groups stood at 72 during the first half of 2024, a rise from 46 a year prior. That 57% jump, however, has not resulted in more attacks. Since the second half of 2023, the number of organizations reported to have fallen victim to ransomware has dropped 16%.
However, it’s complicated. When compared to the first half of 2023, the number of ransomware incidents has increased 50% on the year. But, the data may not signal a seasonal trend. Instead, the recent reduction may be a result of law enforcement disruption, the report suggested.
Interestingly, the analysis from Searchlight Cyber—which is based on a review of dark web postings and other activity—shows large criminal groups, including LockBit and Black Cat, remain active and are recruiting. However, smaller ephemeral groups are entering the scene at an increasing rate.
These smaller organizations, Searchlight Cyber contends, conduct targeted attacks and post ransoms, then disappear. They may emerge later under a new name, but the tactic helps the groups to avoid the attention of law enforcement. It also makes it harder for “white hat” cybersecurity firms to keep up.
“What we could be seeing is the diversification—rather than the growth—of the ransomware scene,” Luke Donovan, head of Threat Intelligence at Searchlight Cyber, said in the report. “This hypothesis would be consistent with the fact that some of the biggest ransomware players have a clearly reduced influence, suggesting that there is no longer the ‘market dominance’ of a small number of highly prolific ransomware groups that there once was.”
In the report, Searchlight Cyber recommends strategies to avoid threats in this evolving landscape, including updating IT equipment and conducting routine vulnerability checks.
The full report is available here.
Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.