RansomHub Surges to Top as LockBit Drops 88% in Q3 2024
The ransomware landscape has seen significant shifts in the third quarter of 2024. LockBit, once the leading operation, experienced an 88% drop in successful attacks, while RansomHub surged to the top with a 155% increase.
LockBit's decline, following an international law enforcement operation in February, has opened the door for other groups. RansomHub, now the leader, attributes its success to recruiting experienced affiliates for its ransomware-as-a-service operation. Meanwhile, Qilin's victim count rose by 44%.
The four most common tools and techniques employed by ransomware actors in Q3 were living off the land, bring your own vulnerable driver, remote desktop/admin, and data exfiltration. However, the disparity between publicly claimed attacks and actual ransomware activity varies among groups.
RansomHub's rise to the top, driven by its affiliate recruitment strategy, has reshaped the ransomware scene. Despite LockBit's decline, other groups like Qilin remain active. The use of specific tools and techniques persists, highlighting the need for robust cybersecurity measures.
