Ransomware threat groups are on the rise, so be on your guard

News
By
published

Secureworks report says threat landscape is diversifying after the Lockbit disruption

Neon letters spelling RANSOMWARE set against a dark background with red and blue circuitry
(Image credit: Getty Images)

The number of active ransomware groups over the last 12 months is on the rise as criminals look for more ways to target businesses, new research has claimed.

The 2024 State of Threat Report from Secureworks has revealed a rise in the number of active ransomware groups over the last 12 months - identifying a 30% rise in the number of active groups.

The figures represents a diversification of the landscape rather than a particularly drastic increase in criminals. Since the notorious Lockbit disruption, in which the most prolific group was briefly shut down, the ransomware ecosystem has evolved, with 31 new groups being established.

A variety of tactics

One of the key findings from the report is that unpatched vulnerabilities remain the top Initial Access Vector (IAV) in ransomware attacks, making up almost 50% of all IAVs. This outlines more than ever the importance of staying on top of cybersecurity and software updates.

In 2024, PLAY has become the most active group, and has doubled its victim count year-on year. Further evidence of the broadening of the attack sources is the fact that Lockbit, previously a dominant player, has seen an 8% reduction in its share of ransomware attacks.

“Cybercriminal ecosystems are akin to living organisms. They adapt and mutate in the face of disruption, reacting with speed to maintain the tempo of their attacks. The names and affiliations may be different, but the impact is the same, with attacks causing maximum business disruption, downtime, and remediation costs,” said Secureworks Vice President Don Smith.

The report also outlines a persistence of state-sponsored threat actors from Russia, China, and Iran amongst others. These are driven by geopolitical conflicts and underscore the growing use of cyberattacks as a political tool.

Unsurprisingly, AI continues to flourish as a tool for malicious actors, contributing to both the problem and the solution as the technology is increasingly used in both cyberattacks and cybersecurity solutions. This is consistent with earlier research which suggests ransomware has as much as doubled thanks to AI.

More from TechRadar Pro

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

Read more
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
More reports claim 2024 was the worst year for ransomware attacks yet
ransomware avast
“Every organization is vulnerable” - ransomware dominates security threats in 2024, so how can your business stay safe?
Ransomware attack on a computer
Ransomware attacks surged in 2024 as hackers looked to strike faster than ever
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
Less than half of ransomware incidents end in payment - but you should still be on your guard
Fraud
Hackers are tricking victims into scam-yourself attacks with fake tutorials, CAPTCHAs, and updates
Android phone malware
Over 25 new malware variants created every single hour as smart device cyberattacks more than double in 2024
Latest in Pro
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
Hands typing on a keyboard surrounded by security icons
Your passwords aren't the key to protecting your online identity, your email address is
HP Series 7 Pro 734pm during our review
I reviewed HP's Series 7 Pro 734pm and I'm obsessed with the sheer connectivity of this widescreen monitor
Latest in News
Apple iPad A16
Apple's new entry-level iPad ups the performance for the same price, but doesn't support Apple Intelligence
iPad Air M3
Apple updates iPad Air with powerful M3 chip and pairs it with Pro-level Magic Keyboard
Samsung Galaxy Z Flip 6 in blue
The Samsung Galaxy Z Flip 7 might improve on its predecessor in one crucial way
Nvidia RTX 5070 Founders Edition GPU shown against a green and black backdrop
Nvidia RTX 5070 early pricing hints at plenty of GPUs at the MSRP – but I’ll believe it when I see it
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Guitar Hero Mobile
Activision shares first look at Guitar Hero Mobile and, yeah, it looks like AI slop
More about pro
Illustration of a hooked email hovering over a mobile phone

AWS misconfigurations reportedly used to launch phishing attacks
Abstract image of cyber security in action.

TikTok’s American ownership rule ignores bigger IoT threat
Hands typing on a keyboard surrounded by security icons

Your passwords aren't the key to protecting your online identity, your email address is
See more latest