Ransomware Groups Cause Mayhem to Industries in 2024 and 2025

Ransomware groups are being investigated internationally, as the attacks disrupt operations. The cyber-criminals behind are growing and even though their operations were disrupted, some in those groups disband and join other groups called RansomHub. BlackCat/ALPHV and LockBit are the name of the other notorious cyber-criminal groups that deploys ransomware. These cyber-criminal groups have claimed 13% more healthcare victims in 2024 with RansomHub as the top cyber-criminal group.

These ransomware-as-a-service (RaaS) groups are known now and are being highlighted in the annual Ransomware and Cyber Threat Report from the GuidePoint Security's Research and Intelligence Team (GRIT). GRIT has described law enforcement intervention successful in stopped these attacks, however the attacks continue due to affiliates moving from one RaaS group to another. Law enforcement intervention only decreased last year's ransomware attacks by 8% compared to 2022-2023's 76.8% growth. This averaged 13.2 victims' data leaks from the RaaS groups per day, which is 4,848 new victims. 

GRIT researchers observed a decrease in ransomware attacks in Q2 and Q3 in 2024 due to law enforcement operations on BlackCat/ALPHV in late 2023 and LockBit in early 2024. The reduction status reports in Q4 was made up though due to a sharp increase in posts on ransomware groups' data leak sites. RansomHub filled in where BlackCat/ALPHV lacked. Other ransomware groups chimed in as well, such as Akira, Play and other unnamed groups. GRIT observed a 42% year-over-year increase in the number of active ransomware groups. This rose from 62 in 2023 to 88 in 2024.

In 2024, 52% of ransomware victims were from the U.S. Manufacturing, technology, retail/wholesale, and healthcare were all targeted sectors by ransomware groups. RansomHub, LockBit, and BianLian are known to target healthcare organizations. These groups are known to target healthcare organizations and then disband and rebrand as a new group. This has increased lar enforcement activity in the healthcare industry.

Network defenders have to defend against a diverse range of access, even though stolen credentials and exploitations of vulnerabilities remain the two most common methods for access. These network defenders have had a heavy workload in 2024 with 110 new Common Vulnerabilities and Exploitations (CVEs) each day. This is an average amount, but at least 44% of these CVEs are critical to defend again Raas groups. In 2025, the continued efforts of RaaS groups are still high, but they have slowed as law enforcement operations are proving to be effective. 


Reference: https://www.hipaajournal.com/ransomware-groups-13-increase-healthcare-attacks-in-2024/ 

Comments

Post a Comment

Popular posts from this blog

What is Computer Security?

The general overview of computer security is to protect and secure computers' data, networks, software and hardware from unauthorized access, misuse, theft, information loss, and other security issues. Although the internet has made it simpler for us to live our lives with many advantages, it has also put our system's security at risk of malware. Malware is malicious software which includes adware, spyware, ransomware and trojan horse.  Technology is ever-growing around the world and we, as the modern people, cannot go a day without today's technology. This ever-growing technology introduces invaders, hackers, and thieves who are all attempting to gain access to our information for personal gains, whether that be monetary gains, recognition purposes, ransom demands, bullying others, and invading other businesses or organizations. This makes computer security a very important topic. The three key objectives that are the heart of computer security are confidentiality, integri...
Read more

XZ Utils Supply Chain Attack

XZ Utils is a free software tool that implements compression/decompression algorithms such as XZ and LZMA. These algorithms are used in Unix systems and Linux systems to compress and decompress data. The CVE-2024-3094 backdoor found in XZ Utils was designed to interfere with authentication in Secure Shell Daemon (SSHD), which is the OpenSSH server software that handles Secure Shell (SSH) connections. This backdoor enabled an attacker to execute codes remotely via a SSH login certificate. This only impacts versions 5.6.0 and 5.6.1.  The attacker, Jia Tan with the username of JiaT75, slowly built trust with developers, as many contractors work in XZ Utils. He got to the point where he became co-maintainer of the XZ Utils project and in July 2023, he requested to disable ifunc (GNU indirect function), which is a public tool to detect software vulnerabilities to allow the backdoor to stay undetected upon release. After being on the project for about 2 years to ensure the backdoor could...
Read more