💰

Infosecurity Magazine Security Incident

2024 630 days ago Resolved

Incident Overview

Situation Description

The ransomware landscape in 2024 remained dynamic, with law enforcement takedowns of groups like ALPHV/BlackCat and LockBit being offset by the resilience and emergence of other ransomware-as-a-service operations.

Event Types

Ransomware

Industry Sector

Other

Geographic Scope

Global

Impact Analysis

Event Types (1 identified)

Ransomware

Financial Impact

$0 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Financial Data (Credit Cards, Bank Accounts) Credentials Operational / System Data

Primary Impacts

Operational Disruption Financial Loss Reputational Damage

Key Decisions Made

Infosecurity selected the 10 most active ransomware groups of the past year, collecting data from several sources.; RansomHub affiliates overtook LockBit as the most prolific RaaS brand in October and largely contributed to a ransomware claim surge in November.; BlackBasta was the second most active ransomware group after LockBit in the first quarter of 2024.

Technical Analysis

Attack Method

Unpatched Vulnerability

Threat Actor Attribution

ALPHV/BlackCat LockBit Play Akira Hunters International Medusa Qilin BlackBasta BianLian INC Ransom BlackSuit Royal RansomHub Scattered Spider Prolific Puma Zeon Snatch BlackByte Hive Agenda Lynx

Vulnerability / Tool

Fortinet Citrix VMware ESXi

Additional Information

Infosecurity Magazine Home News Features The Top 10 Most Active Ransomware Groups of 2024 The Top 10 Most Active Ransomware Groups of 2024 News Feature 27 Dec 2024 Written by Kevin Poireault Reporter , Infosecurity Magazine Follow @Kpoireault Connect on LinkedIn The past year was expected to be a watershed moment for the ransomware ecosystem, with the takedown of ALPHV/BlackCat in late 2023 and the disruption of the LockBit syndicate in early 2024. While these law enforcement takedowns had a negative impact on ransomware activity for a while, the ransomware-as-a-service (RaaS) landscape showed its resilience. Soon after some of the biggest law enforcement busts, activity from other established ransomware brands like Play and Akira seemed to pick up, perhaps due to affiliates moving from exposed groups, while new groups emerged. Ransomware activity peaked in November, with Corvus Insurance analysts claiming the month saw the highest number of claimed ransomware victims in history. Other sources, like the ransomware tracking website Ransomware.live, believe no monthly ransomware claims in 2024 topped the 907 claimed in July 2023. Top 20 of Ransomware for 2024 as of December 18. Source: Ransomware.live Top Ransomware Gangs of 2024 Infosecurity selected the 10 most active ransomware groups of the past year, collecting data from several sources, including Ransomware.live, RansomLook, Corvus Insurance and Recorded Future, among others. RansomHub: Move Fast and Break Things Other names: N/A Appeared in: February 2024 Claimed victims in 2024: 593 Claimed victims overall: 593 On February 2, 2024, a user called 'koley' announced a new ransomware affiliate program under the name RansomHub on the Russian-language hacking forum RAMP. The split of each heist would be 90% of the value for the affiliate and 10% for the developer. According to koley, the RansomHub ransomware is designed to be versatile in order to compromise a wide array of platforms, including Windows, Linux...

... (truncated for display)

Quick Facts

Company:: Infosecurity Magazine
Date:: 2024
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 27/12/2024

Source Information

Original Query

FBI takedown of ALPHV/BlackCat infrastructure impact on victim recovery

View Original Source

Timeline

Information Published

27/12/2024

Incident Occurred

2024 (630 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats