Up, down, all around—2024 has been a chaotic year for ransomware attacks. While overall attacks have been higher than in 2023, a month by month view shows a more complicated picture.
After dropping below 2023 year over year (YoY) in June and July, ransomware attacks were up 14% in August and increased YoY from 335 attacks to 450, NCC Group reported in its latest Monthly Threat Pulse. Matt Hull, NCC Group’s global head for strategic threat intelligence, told IT Brew that he expects to see a rise in attacks as we come to the end of the year.
“We do seem to see a ramping up of activity in the run up to the Christmas holiday period, and whether we continue to see this increase right the way through to December is yet to be seen,” Hull said. “But September so far is looking like it could be heading that way as well.”
New kid. The report detailed how threat actor RansomHub continues to be a major vector of ransomware attacks, responsible for 16% of attacks for August. Industrials were the highest targeted sector.
RansomHub has become a major actor in the ransomware space, with its attacks for August increasing to 72 from July’s 43, a 67% increase. The gang’s increased presence is partly the result of law enforcement crackdowns on criminal groups like LockBit and Evil Corp, Hull said, leaving a vacuum.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“They have been a safe pair of hands when it comes to the affiliate groups that are looking at all of the different operations,” Hull said. “It’s an easy ransomware as a service to leverage, so some of the support and tooling behind it seems to have been what’s attracted some of the groups as well, and certainly some of the operators and affiliates.”
Hull told IT Brew that he wasn’t sure that RansomHub would reach LockBit numbers, even with the increase in attention and usage of its services in August. What’s certain is that the market share LockBit had won’t go unclaimed, he said.
The block. The role of generative AI can’t be underestimated either, Hull said, noting that the technology is being used to spearhead phishing attacks and other social engineering threats. Overall, AI is complicating the ransomware and threat picture, making things more complicated and dangerous for users and security professionals alike.
“The entry level to criminality is reduced by it,” Hull said, adding that’s an example of the “indirect influence that AI is having on the cyber criminal landscape at the moment.”