Ransomware Activity for Q3 2024 Dominated by Established Groups including RansomHub, PLAY and LockBit 3.0
Corvus Insurance, a wholly owned subsidiary of The Travelers Companies, Inc., released its Q3 2024 Cyber Threat Report, The Ransomware Ecosystem is Increasingly Distributed, which showed that attackers leveraging virtual private network (VPN) vulnerabilities and weak passwords for initial access contributed to nearly 30% of ransomware attacks.
According to the Q3 report, many of these incidents were traced to outdated software or VPN accounts with inadequate protection. For example, common usernames such as “admin” or “user” and a lack of multi-factor authentication (MFA) made accounts vulnerable to automated brute-force attacks, where attackers exploit publicly accessible systems by testing combinations of these weak credentials, frequently achieving network access with minimal effort.
“Attackers are focused on finding the path of least resistance into a business to launch an attack, and in Q3 that entry point was the VPN,” said Jason Rebholz, Chief Information Security Officer at Corvus. “As we look forward, businesses must strengthen defenses with multi-layered security approaches that extend beyond MFA. Today, MFA is mere table stakes and must be complemented with secure access controls capable of shoring up these current and future areas of vulnerability.”
Cyber Technology News: Fakespot Holiday Gift Guide 2024: Shop Smart and Avoid Scams This Season
The Ransomware Ecosystem
Using data collected from ransomware leak sites, Corvus identified 1,248 victims in Q2, marking the highest number the company has recorded in any second quarter. This level of activity persisted in Q3, when there were 1,257 attacks.
Forty percent of the Q3 attacks can be traced to five groups: RansomHub, PLAY, LockBit 3.0, MEOW and Hunters International. Of these five, RansomHub was the most active in the quarter, with 195 reported victims (up 160% over Q2), while activity from LockBit 3.0 fell sharply, from 208 victims in Q2 to 91 in Q3.
While the sources behind many of these attacks were relatively consolidated, the ransomware ecosystem did grow over this period, with 59 total groups identified by the end of Q3. This increase is noteworthy since new entrants can quickly become disruptive forces. For example, following law enforcement’s takedown of LockBit in Q1, RansomHub, which emerged in February 2024, quickly filled the void, becoming one of the more prolific and dangerous cybercriminal groups. In 2024, RansomHub has claimed more than 290 victims across various sectors.
Cyber Technology News: Wipro, Lineaje Partner to Strengthen Software Supply Chain
Key Industry Trends: Construction Remains Most Impacted Industry in Q3
In the third quarter, the construction industry remained the most impacted sector, with 83 reported victims. That’s up 7.8% from the 77 attacks reported in Q2 and was driven by ransomware groups like RansomHub, which continue to target infrastructure and related sectors. Healthcare organizations also experienced a significant increase, with 53 reported victims, up 12.8% from the 42 victims reported in Q2.
Cyber Technology News: AIC and ScaleFlux Launch Storage Array with NVIDIA DPU
Source – PR Newswire
To participate in our interviews, please write to our CyberTech Media Room at news@intentamplify.com