Cyjax finds over 5 new ransomware groups emerging per month
June 2024 by Cyjax
Ransomware attackers are in an arms race with defenders. While law enforcement disrupts existing groups, the attacker side is experiencing a boom with the total number of new groups reaching an all time high. This year 22 new ransomware groups emerged compared to the total of 22 groups that emerged between 2018 and 2020.
The threat intelligence company, CYJAX has just published a new report on this trend. Main takeaways are:
o Unprecedented growth: The number of ransomware groups is exploding, with an average of 5.5 new groups emerging per month in 2024 – a dramatic increase compared to previous years.
o Shifting targets: Ransomware attackers are increasingly targeting smaller businesses with weaker security postures, posing a new threat to a wider victim pool.
o Spike following group disbandment: An anomalous rise in new groups following the dismantling of prominent groups like Conti and ALPHV. This suggests a potential recruitment pool from disbanded groups or a temporary dip in activity before new groups solidify.
o Short-term wins but long-term struggle: While law enforcement actions disrupt existing groups, they often lead to rebranding or the creation of entirely new groups.
o Geopolitical influence: The Russia-Ukraine war is hampering international cooperation, allowing Russia-based groups to operate with impunity.
Ian Thornton-Trump, CISO, Cyjax, said “One of the major trends I sense is a major reorganisation of the cybercriminal underground as a direct response to law enforcement success. It’s likely that criminal actors are starting fresh and building more operational resiliency into their organisations and focusing on OPSEC to avoid discovery and compromise. It’s far better to be a new crew and remain under the radar than an old crew with a big OSINT footprint.”