Barracuda researchers analyzed publicly reported ransomware attacks covering August 2023 to July 2024, involving 37 countries and 36 different ransomware groups.

The most prevalent ransomware groups were ransomware-as-a-service (RaaS) models. These include LockBit, which was behind 1 in 6 (18%) of attacks where the identity of the attacker is known. While ALPHV/BlackCat ransomware accounted for 14% of attacks, the Barracuda report states.

The Crimeware Report by Arete reports similar findings. According to the report, the first half of 2024 (H1 2024) was characterized by an increasingly complex threat landscape despite law enforcement’s successful attempts to disrupt ransomware operations.

International law enforcement actions against LockBit and ALPHV/BlackCat—the two most prolific Ransomware-as-a-Service (RaaS) groups coming into 2024—resulted in a significant splintering in the ransomware and extortion landscape.

LockBit’s activity has significantly declined since international sanctions were imposed on its leader, Dmitry Yuryevich Khoroshev. Khoroshev disrupted the group’s ability to collect ransom payments from victims. However, ALPHV eventually shutdown its operations in March 2024. Whereas Akira ransomware groups had the highest volume of attacks in Q2 of 2024, the report highlighted.

On the other hand, Seqrite, the enterprise arm of global cybersecurity solution provider, Quick Heal Technologies Ltd has unveiled the latest findings on a dangerous fileless ransomware campaign, “Cronus,” targeting unsuspecting users through fraudulent PayPal documents. Hackers exploit PowerShell, a legitimate Windows tool, to deliver this sophisticated ransomware without leaving traces in the form of files, making detection incredibly challenging for traditional antivirus software. Once activated, the ransomware locks crucial data and demands a ransom from the victims.

“Ransomware gangs have evolved into highly organised cybercriminal networks, strategically investing in sophisticated tools and techniques to refine their attacks and eliminate past mistakes. One common approach involves infiltrating large organisations through smaller, less secure supply chain vendors. Once inside, they paralyse operations and demand ransom, often using double extortion tactics. This means not only encrypting critical data but also threatening to leak sensitive information on dedicated leak sites to coerce victims into paying”, said, Dr. Sanjay Katkar, Joint Managing Director, Quick Heal Technologies Limited.

“At Seqrite, we focus on proactive threat detection, deploying AI-driven solutions to identify and neutralise ransomware threats before they penetrate. By continuously monitoring endpoints and integrating multi-layered defences, we help organisations stay ahead of these evolving attacks and secure their critical infrastructure”, he further added.

As we move forward, collaboration among law enforcement, cybersecurity firms, and organizations is essential to combat the evolving threat landscape. By staying informed and prepared, businesses can mitigate the risks posed by ransomware and protect their critical assets from falling into the hands of malicious actors. The fight against cybercrime is ongoing, and a united front is crucial for creating a safer digital environment for everyone.