Here’s a piece of good news from the cybersecurity space – some of the established players were reined in during the first half of 2024. The bad news, however, is that some new and ‘unnamed’ players have entered the scene.

A new report from cybersecurity solutions company Arete reveals a shifting landscape in the world of ransomware and cyber extortion. While law enforcement agencies have successfully disrupted established ransomware groups, new and adaptable threat actors have stepped in to fill the void.

This has resulted in a more fragmented and unpredictable landscape, as these emerging groups employ diverse tactics to evade detection and maximise their impact, according to Arete’s Crimeware Report, which sheds light on ransomware and extortion trends and shifts in the cyber threat landscape.

Concerted efforts by law enforcement agencies significantly disrupted the operations of major ransomware groups, including ALPHV and LockBit, in the first half of 2024. The decline of established groups has created opportunities for new and lesser-known ransomware groups to emerge, leading to a more fragmented threat landscape.

Threat actors are adapting their operational models to avoid law enforcement scrutiny, including stricter vetting of affiliates and operating as private groups rather than 

Despite disruptions, successful ransomware attacks have proven to be more disruptive than ever. Notable attacks include those on Change Healthcare, Snowflake, CDK Global, and Synnovis Labs.

The report found that fewer organisations are opting to pay ransom demands, indicating improved cybersecurity preparedness and growing awareness of the risks associated with paying ransoms.

Resilience

Sectors such as Public Administration, Finance and Insurance, Manufacturing, and Wholesale Trade have demonstrated greater resilience in recovering from attacks without paying ransoms.

“Healthcare and social assistance and educational services are the sectors observed to be least likely to recover without paying the ransom. Data exfiltration likely plays a significant role here, as both sectors frequently deal with sensitive data and vulnerable individuals,” the report said. However, some threat actors may avoid attacking organisations in these sectors to avoid attracting attention from law enforcement.

Threat actors continue to rely on familiar tools and malware, including remote monitoring and management (RMM) tools, Cobalt Strike, and various malware variants.

Opportunistic threat actors are employing new extortion tactics, such as targeting a victim’s clients’ data and compromising subsidiaries of large companies to increase their leverage, it said.

The report’s findings underscore the dynamic nature of the ransomware landscape and the need for organisations to remain vigilant and proactive in their cybersecurity measures.

As law enforcement agencies continue to crack down on established ransomware groups, new actors are likely to emerge, necessitating ongoing adaptation and innovation in cybersecurity strategies.

Recommendations

Organisations should ensure that backups are regularly updated and securely stored to facilitate recovery in the event of a ransomware attack, Arete said.

It asked organisations to establish a robust incident response plan to minimise the impact of a cyberattack and expedite recovery.