Security News > 2024 > April > Behavioral patterns of ransomware groups are changing

In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity - including the continued targeting of previously "Off-limits" organizations and industries, such as emergency hospitals.

"Overall, we're seeing an increasingly volatile ransomware ecosystem. Law enforcement disruptions this quarter appear to have temporarily slowed or shifted operational activities of prolific Ransomware-as-a-Service groups, including Alphv and LockBit," said Drew Schmitt, Practice Lead, GRIT. "Affiliates are the lifeblood of RaaS operations, and in the wake of these disruptions, we've already observed smaller RaaS groups attempting to recruit disaffected or displaced affiliates. While the long-term effects of law enforcement efforts are yet to be seen, we expect a turbulent Q2 as the RaaS landscape continues to evolve," added Schmitt.

Q1 2024 resulted in a nearly 20% increase in reported victims over Q1 2023, despite the disruption of LockBit and the disbandment of Alphv, two of the largest and most prolific ransomware groups.

The number of active ransomware groups more than doubled year-over-year, increasing 55% from 29 distinct groups in Q1 2023 to 45 distinct groups in Q1 2024.

The top three most active ransomware groups were LockBit, Blackbasta and Play.

The report is based on data obtained from publicly available resources, including threat groups themselves, as well as threat analyst insights into the ransomware threat landscape.

News URL

https://www.helpnetsecurity.com/2024/04/23/ransomware-groups-activity-q1-2024/