Security Bite: Ransomware groups surge in Q3 2024, with shifting dominance - 9to5Mac

Corvus, one of the leading cyber insurance providers, has published its quarterly Cyber Threat Report for Q3 2024, focused on the shifting ransomware landscape.

While the rising number of ransomware attacks should be no surprise to anyone, the report outlines how cybercriminals are becoming more competitive and adopting more aggressive strategies rather than waiting for the next mass-exploit event.

Shifting dominance

Most interestingly, Corvus’s latest Cyber Threat Report claims the ransomware threat landscape is becoming increasingly distributed, with 59 active groups now operating worldwide. The findings reveal a shift away from the dominance of the major players (like LockBit 3.0 and ALPHV) toward a more fragmented ecosystem.

The shift could result from increased law enforcement activity toward big players. Earlier this year, the FBI, Europol, and the UK’s NCA successfully seized LockBit’s infrastructure. Authorities recovered over 1,000 decryption keys for victims.

While arrests were made, the LockBit group has persisted and continues to operate even today, hence the “3.0” in LockBit 3.0. ALPHV also experienced a similar takedown.

As they exist today, ransomware groups are primarily run as RaaS (Ransomware-as-a-Service) businesses. This means the malware developers (or operators) write the software, and affiliates, usually people with less technical knowledge, pay for the malicious package and direct it at whomever they like. The operators will handle the payment processing and even customer service for victims, often taking a cut of the ransom at the end.

Now that authorities are successfully taking down these significant operators, affiliated criminals are likely thinking twice about who to work with. Essentially picking the car with no accident history.

When authorities successfully take down these major groups, they often gain access to internal systems, admin panels, and communication channels, creating significant risks for any affiliated criminals. An investigation can reveal operational details, cryptocurrency transaction records, and a trail of breadcrumbs that can lead back to the affiliate’s identity.

This new reality seemingly pushes affiliates toward smaller and more agile ransomware operations. Newer groups like RansomHub, which saw a 160% increase in victims, according to Corvus, show how affiliate preferences are changing. These smaller groups can attract affiliates better by offering more competitive terms and better protection through more focused operations.

Other key highlights from the report:

- Ransomware attacks slightly increased to 1,257 victims in Q3
- New group RansomHub becomes most active, claiming 195 victims
- Construction and Healthcare sectors face heightened targeting
- 28.7% of attacks leveraged VPN vulnerabilities
- 75% of organizations lack robust multi-factor authentication

Corvus anonymously gathers data from claims and other sources.
