The State of Ransomware

Palo Alto Networks published its semi-annual report on ransomware. From the Executive Summary:

Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts. This averages to approximately 294 posts a month and almost 68 posts a week. Of the 53 ransomware groups whose leak sites we monitored, six of the groups accounted for more than half of the compromises observed.

In February, we reported a 49% increase year-over-year in alleged victims posted on ransomware leak sites. So far, in 2024, comparing the first half of 2023 to the first half of 2024, we see an even further increase of 4.3%. The higher level of activity observed in 2023 was no fluke.

Activity from groups like Ambitious Scorpius (distributors of BlackCat) and Flighty Scorpius (distributors of LockBit) has largely fallen off due to law enforcement operations. However, other threat groups we track such as Spoiled Scorpius (distributors of RansomHub) and Slippery Scorpius (distributors of DragonForce) have joined the fray to fill the void.

Posted on August 19, 2024 at 7:05 AM • 3 Comments

Comments

Clive Robinson August 19, 2024 10:38 AM

@ ALL,

As we saw with that group that tried stealing people’s bitcoin in person as a sideline to their online activities, “hands on crime” is more dangerous and hardly pays in comparison to online crime.

Especially as whilst law enforcement can turn a blind eye to on-line crime… blood, guts, broken bones, and bodies left littering the place tends to cause a noise at very high levels thus “tablets of stone” tend to come down with more than ten commandments attached.

The thing is street crime, home invasion, and similar crime are actually going down in a lot of places as it’s mostly an “idiots game” these days. But online crime is rising rapidly and the value to the crooks is many multiples. Especially for those criminals that are slightly more intelligent than those just looking for 5 cents on the dollar in cash for their next street fix.

The base for crime is shifting, from the physical world to the information universe, and much of Law Enforcement is unprepared for it, which just makes it easier for the criminals.

Especially when information “crosses borders” but the crooks make sure they are never in the same jurisdictions as their crimes…

With care and caution the odds of getting caught for “information crimes” are a small fraction of those for “physical crimes”…

Jim August 19, 2024 1:26 PM

Ransomware attacks will continue as long as they keep getting paid. The fix is easy: it must be a major crime to pay a ransom with the cost far far above the ransom amount. I propose a fine of 10x the ransom amount plus all revenue for the past 10 years (including from all subsidiary and parent companies).

Also, any victims of a ransomware attack should really consider filing a lawsuit against all businesses that have ever paid a ransom in the past. Because by paying a ransom, they provided aid and supported further ransomware attacks. They are just as guilty.

Erdem Memisyazici August 19, 2024 4:46 PM

I just got the letter from UnitedHealth Group last week. Equifax wasn’t the one that was going to get us our own American GDPR no, this was it. Right?

Sidebar photo of Bruce Schneier by Joe MacInnis.