2024 Marks the Most Active February for Ransomware Attacks in Three Years | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware








2024 Marks the Most Active February for Ransomware Attacks in Three Years

March 20, 2024 – In February 2024, global levels of ransomware attacks increased by 46% from January, with a total of 416 cases compared to 285 in the previous month, according to NCC Group’s February Threat Pulse.

 

Year-on-year, ransomware attacks continue to rise. Data from February 2024 shows that levels of ransomware attacks were up 73% from 2023 and 124% from 2022, marking a steep upward trajectory of attack volume over the last three years.



Hunters and Qilin climb the ladder toward most prominent threat actors


Continuing its seven-month reign, and with nearly double its 64 attacks in January, LockBit 3.0 was responsible for 110 cases (33%), while Hunters was behind 10% of cases, and Qilin 9% — both of whom climbed from seventh and tenth place in January to second and third in February, respectively.

 

In joint third position with Qilin is BlackCat with 30 cases (9%). Though BlackCat is accustomed to being included in the most active monthly threat groups, Qilin, like Hunters, is relatively new to these levels of activity.

 

BianLian, Play and 8Base are in fourth, fifth, and sixth positions with 27 cases (8%), 25 cases (7%), and 24 cases (7%) respectively, all of whom were part of the top ten in January.

 


Ransomware attacks in North America and Europe surged by over 100% year-on-year


For the second time in 2024, North America and Europe dominate the total number of regional ransomware attacks with over 85% of cases.

 

North America experienced 55% (230) of all attacks, up 27% from 169 in February. With 123 attacks in February, Europe saw a 64% increase month-on-month.

 

In the remaining 15% of attacks, Asia experienced 30, South America 18, Oceania 7, and finally Africa with just 4 victims. This is mostly consistent with last month with just 1% differences between some of the regions.



Industrials continue to dominate sector attacks


February’s top 4 sectors attracting ransomware attacks mirror those of January 2024, bar Technology, which replaced consumer non-cyclicals in third place. This is despite a 4% increase month-on-month. Industrials continue to dominate the landscape accounting for 32% (134) of the 416 attacks observed in February, which, when compared to January, represents a significant increase of 40% from 96 cases.

 

Consumer Cyclials maintains second spot with 17% (66) and an increase of 66% from January. Consumer Non-Cyclicals was up two positions in February as a result of its increase in attacks by 135% (40), accounting for 10% of the total activity observed in the month.

 

The largest decrease in attacks came from the Academic & Educational Services sector where it saw a decline of 41% from 17 attacks in January to 10 in February (-7). This sector also saw its position in the list drop three places to tenth and accounted for 2% of observed attacks during the month.



Spotlight: RaaSCycling


In recent times, Operation Cronos made waves in law enforcement efforts against global digitally enabled crime, targeting the Lockbit group. Following this, ransomware group, ALPHV (also known as Blackcat), pulled off an exit scam under the guise of being disrupted by the FBI. Despite these high-profile incidents, smaller threat actors in the cybercriminal space remain motivated. Already in 2024, over 10 new ransomware groups have emerged, with six being advertised on a Russian forum that caters to ransomware-related activities. 

 

Matt Hull, global head of Threat Intelligence at NCC Group, said: “Recent law enforcement activity has the potential to polarize the ransomware landscape, creating clusters of smaller RaaS operators that are highly active and harder to detect due to their agility in underground forums and markets. 

 

“From our research in various criminal and dark web forums and marketplaces, it appears that the attention being drawn by the larger ‘brand’ ransomware such as LockBit and Cl0P is leading to new and small generic RaaS affiliate partnerships becoming the norm. As a result, detection and attribution could become harder, and affiliates may easily switch providers due to low entry thresholds and minimal monetary involvement. 

 

“For readers, this means maintaining vigilance. As big ransomware gangs continue operating, the anxiety around new and unestablished ransomware-as-a-service threats should not change your approach to defending and mitigating ransomware threats. These groups, big and small, will likely be using tried and tested tactics, techniques, and procedures.

 

“We will continue our ongoing research in the dynamics of ransomware groups, and as always will endeavour to share any intelligence, insights and new developments in the threat landscape as soon as we are able.”





Read the Full Report


Did you enjoy this great article?

Check out our free e-newsletters to read more great articles..

Subscribe







——————————————————–


Click Here For The Original Source.

.........................

National Cyber Security

FREE
VIEW