Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Ellen Jennings-Trace

Ransomware threat groups are on the rise, so be on your guard

Neon letters spelling RANSOMWARE set against a dark background with red and blue circuitry.

The number of active ransomware groups over the last 12 months is on the rise as criminals look for more ways to target businesses, new research has claimed.

The 2024 State of Threat Report from Secureworks has revealed a rise in the number of active ransomware groups over the last 12 months - identifying a 30% rise in the number of active groups.

The figures represents a diversification of the landscape rather than a particularly drastic increase in criminals. Since the notorious Lockbit disruption, in which the most prolific group was briefly shut down, the ransomware ecosystem has evolved, with 31 new groups being established.

A variety of tactics

One of the key findings from the report is that unpatched vulnerabilities remain the top Initial Access Vector (IAV) in ransomware attacks, making up almost 50% of all IAVs. This outlines more than ever the importance of staying on top of cybersecurity and software updates.

In 2024, PLAY has become the most active group, and has doubled its victim count year-on year. Further evidence of the broadening of the attack sources is the fact that Lockbit, previously a dominant player, has seen an 8% reduction in its share of ransomware attacks.

“Cybercriminal ecosystems are akin to living organisms. They adapt and mutate in the face of disruption, reacting with speed to maintain the tempo of their attacks. The names and affiliations may be different, but the impact is the same, with attacks causing maximum business disruption, downtime, and remediation costs,” said Secureworks Vice President Don Smith.

The report also outlines a persistence of state-sponsored threat actors from Russia, China, and Iran amongst others. These are driven by geopolitical conflicts and underscore the growing use of cyberattacks as a political tool.

Unsurprisingly, AI continues to flourish as a tool for malicious actors, contributing to both the problem and the solution as the technology is increasingly used in both cyberattacks and cybersecurity solutions. This is consistent with earlier research which suggests ransomware has as much as doubled thanks to AI.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.