The ransomware industry has reached a point of stabilization in productivity, as reported by WithSecure. Despite peaking in late 2023, there have been significant developments in ransomware targets and industry dynamics in 2024.
Although there has been a leveling off in ransomware productivity, the frequency of attacks and ransom payments collected has remained higher in the first half of 2024 compared to the previous years of 2022 and 2023. WithSecure’s Director of Threat Intelligence and Outreach, Tim West, notes a noticeable shift towards targeting small and medium-sized businesses, which now make up a larger proportion of ransomware victims.
One key factor that has contributed to disrupting major ransomware operations is the actions taken by law enforcement. In February 2024, the Lockbit ransomware group was taken down, leading to the seizure of significant assets and the dismantling of critical infrastructure used by ransomware groups. Despite these efforts, the long-term impact of law enforcement on the ransomware ecosystem remains uncertain, as ransomware groups continue to adapt and evolve in response.
WithSecure’s report delves into the architecture of Ransomware-as-a-Service (RaaS) collectives, highlighting the increasing competition among ransomware franchises to attract affiliates. Following the decline of prominent groups like Lockbit and ALPHV, many newly “nomadic” ransomware affiliates have aligned themselves with more established RaaS brands. However, trust within the cybercriminal community has been eroded due to incidents such as ALPHV’s alleged exit scam, where affiliates were deceived of their earnings, adding further complexity to the dynamics within the ransomware ecosystem.
An emerging trend identified in the report is the growing adoption of initial access through edge service exploitation and the frequent use of legitimate remote management tools by ransomware actors. This shift in tactics reflects a continued evolution in the methods employed by ransomware operators to gain unauthorized access to systems and encrypt vital data.
Overall, the ransomware industry in 2024 has seen a stabilization in productivity, with notable changes in targeting strategies, industry dynamics, and the evolving landscape of RaaS collectives. As law enforcement continues to take action against ransomware groups and cybercriminals adapt their tactics, the future of the ransomware ecosystem remains uncertain but ever-changing.