Report Shows Ransomware is Still the Leading Cyber Threat, Despite Shakeups

A developing "middle class" is making ransomware attacks even more complex.

Ransomware

GuidePoint Security, a leading cybersecurity solutions provider, has released their latest report, Ransomware and Cyber Threat Insights: The Rise of Ransomware’s Middle Class. The report offers a look at the evolving ransomware ecosystem, the top tactics, techniques, and procedures threat actors are utilizing, and emerging cybercrime trends. More specific findings include:

  • Ransomware remains a formidable threat facing organizations, with 49 active groups impacting more than 1,000 publicly posted victims in Q3 of 2024.
  • A strong “middle class” has emerged in the RaaS ecosystem following a myriad of shakeups from law enforcement disruption. This middle class is distributing ransomware victims across a greater number of diverse groups.
  • Threat actors are increasingly leveraging legitimate services and platforms to deliver targeted phishing messages. While the abuse of trusted notification services is not a new approach to delivering malware, the GuidePoint Research and Intelligence Team (GRIT) has observed novel and progressively sophisticated delivery techniques.
  • The industries most impacted by ransomware in Q3 2024 were manufacturing, technology and healthcare, respectively. Manufacturing remains the most impacted industry by a substantial margin.
  • The United States accounted for over 50 percent of observed ransomware victims this quarter. The United Kingdom and Germany experienced a significant decline in observed attacks during the same period. 

“While RaaS groups have made efforts to fill the power vacuum left by AlphV and LockBit, there is still a notable gap in the ransomware ecosystem,” said Grayson North, Senior Security Consultant, GRIT. “Groups are more loosely affiliated than before, which is correlating with a wider, more diverse spread of victims, slower attack tempos and a stabilizing growth volume of active ransomware groups.” 

The Ransomware and Cyber Threats Insight Report also explores the access techniques behind the continued success of more established RaaS groups such Akira and RansomHub, how new law enforcement approaches are impacting threat actors, and a surge of ransomware victims in countries with rising economies.

“Unfortunately, a stabilizing growth pace doesn’t translate to a massive decrease in ransomware attacks or make the attacks any less dangerous,” North added. “While the previously staggering growth of RaaS groups and attacks appears to have plateaued in recent months, ransomware remains a highly profitable endeavor for cybercriminals, and shows no indication of receding in 2024 or through 2025.” 

The Ransomware and Cyber Threats Insight Report is based on data obtained from publicly available resources, including threat groups themselves, as well as threat analyst insights into the ransomware threat landscape. To download the report, click here.


More in Cybersecurity