The year 2024 marked a turning point in the ransomware ecosystem with the downfall of LockBit and the emergence of new cyber threats. According to data from Ransomlooker, the monitoring tool by Cybernews, ransomware attacks increased by 26% compared to 2023, reaching nearly 5,300 recorded victims across various economic sectors.
The Collapse of LockBit and the Rise of New Actors
LockBit, one of the most active ransomware groups in recent years, suffered a significant setback following the police operation Cronos in early 2024. While it maintained the highest number of attacks, its activity dropped by 50%, with around 530 confirmed victims. This decline allowed other cybercriminal groups to expand their operations and solidify their presence on the global stage.
RansomHub, a new emerging group, recorded nearly 500 attacks in its first year of activity, establishing itself as one of the main cyber threats. At the same time, the Play gang secured its third position with 350 victims, continuing its focus on key sectors such as manufacturing, technology, and real estate.
Expansion of Criminal Groups and Sophistication of Tactics
The ransomware ecosystem experienced significant expansion in 2024, with an increase in the number of actors involved. Ransomlooker identified the activity of 89 active groups, compared to the 67 reported in 2023. Of these, 43 were newly formed or restructured organizations arising from dismantled gangs, highlighting the ability of cybercriminals to adapt to law enforcement strategies.
The decentralization of ransomware and the ease of access to advanced tools have significantly lowered the barriers to entry for this type of cybercrime. Among the most prominent new actors are KillSec and Funksec, responsible for 136 and 91 attacks respectively, reinforcing the trend of proliferating criminal gangs with increasingly sophisticated methods.
Most Affected Sectors and Regions
Ransomware attacks continue to hit key sectors hard. In 2024, the manufacturing industry was the primary target, with over 300 companies affected. Technology companies and the real estate sector were also heavily impacted, with 150 and 100 victims respectively. Additionally, attacks against the healthcare sector have continued, representing a critical threat to essential infrastructures.
Geographically, the United States remained the most attacked country, with over 1,700 organizations affected. Canada and the United Kingdom followed, though with a considerable gap. India, which had stayed off the main target lists in previous years, emerged in 2024 as a focal point for cybercriminals, solidifying its position as one of the regions with the highest number of attacks.
Challenges and Future Perspectives
The ransomware continues to evolve and presents increasing challenges for governments and businesses worldwide. The adaptable nature of criminal groups and the emergence of new actors complicate efforts to eradicate this threat. The growing decentralization and the ease with which these groups operate indicate that the ransomware landscape will remain in constant transformation in the coming years.
Companies and organizations must strengthen their cybersecurityCybersecurity solutions are essential in today’s era strategies to address these evolving threats. The implementation of more advanced protection measures and international cooperation will be key to mitigating the impact of ransomware and reducing its proliferation in the near future.