According to experts from Kaspersky, targeted ransomware activity has seen a notable increase, with a 35% rise in active ransomware groups between 2023 and 2024, bringing the total number of such groups to 81 globally.
Despite the growth in groups, the number of infected victims has decreased by 8%, with an estimated 4,300 victims worldwide.
The UAE, South Africa, Saudi Arabia, and Turkey have emerged as the most frequently targeted countries in the region.
This trend continues to challenge organizations worldwide, as ransomware groups remain an ongoing and significant threat to cybersecurity.
Kaspersky’s research reveals that, even in the face of major disruptions to notorious groups like LockBit and BlackCat in 2024, ransomware remains a highly profitable and attractive option for cybercriminals.
This resilience indicates that the impact of such attacks is still widespread, and despite law enforcement efforts, these groups continue to evolve and expand their operations.
Continued Expansion of Ransomware Groups in 2024
According to Kaspersky’s investigation into data leak sites operated by targeted ransomware groups, the number of active ransomware groups has risen for the second consecutive year.
This surge is occurring even though two high-profile disruptions targeted well-known groups, LockBit and BlackCat, in 2024.
These disruptions did not, however, stop the ransomware groups from thriving. Kaspersky’s findings underscore the increasing lucrative nature of these attacks, where cybercriminals continue to develop new techniques and collaborate more effectively to breach organizations’ cybersecurity defenses.
This ongoing rise in the number of groups and attacks highlights how ransomware is becoming a mainstream threat for organizations globally, with various groups specializing in different techniques for achieving their malicious objectives.
Common Ransomware Tactics and Techniques
Targeted ransomware groups typically rely on a variety of techniques to gain initial access to victims’ systems. These methods include exploiting internet-exposed services, using social engineering tactics, and trading access on the dark web to bypass security systems.
Another concerning trend is the increased collaboration among these cybercriminal groups. There is growing evidence that ransomware actors are sharing malware and hacking tools across organizations, enhancing the effectiveness of their attacks and making it more difficult for organizations to defend against these breaches.
In addition to collaboration, these groups are diversifying their tactics to exploit new vulnerabilities, which has made it significantly harder for businesses to stay ahead of their evolving strategies.
Protecting Against Targeted Ransomware Attacks
Maher Yamout, Lead Security Researcher for the Middle East, Turkey, and Africa at Kaspersky, suggests a comprehensive approach for organizations to protect their systems. He advises that companies should focus on identifying and securing the entry points into their networks and understand the specific tactics used by ransomware groups.
Yamout emphasizes that neglecting these elements could significantly increase a company’s vulnerability. According to Kaspersky’s research, a proactive defense strategy is essential to minimizing the risk of ransomware infections.
To help organizations enhance their security posture, Kaspersky provides several recommendations aimed at strengthening defenses against targeted ransomware.
Kaspersky’s Recommendations for Strengthening Cybersecurity
Kaspersky’s experts recommend the following measures for organizations looking to improve their cybersecurity defenses against ransomware attacks:
- Employee Education and Cybersecurity Training: Human error remains one of the most common causes of cybersecurity breaches, and educating employees is crucial to prevent them from becoming entry points for ransomware.
- Kaspersky Threat Intelligence: Kaspersky’s Threat Intelligence tool is an essential resource for organizations. It provides in-depth insights into the motivations, operations, and history of targeted ransomware groups, helping businesses stay ahead of emerging threats.
- Regular Updates and Patch Management: Ensuring that all devices and systems are updated regularly can help organizations protect against attacks that exploit known vulnerabilities.
- Offline Backups: Organizations should set up offline backups that cannot be easily accessed by intruders. In the event of a ransomware attack, these backups can be a lifesaver, ensuring data recovery without paying a ransom.
- Next-Generation Protection: Kaspersky’s multi-layered defense system detects ransomware during both the delivery and execution stages of an attack. Kaspersky Next, which combines exploit prevention, behavior-based detection, and powerful remediation, ensures comprehensive protection for organizations. This technology also includes self-defense mechanisms to prevent tampering by attackers.
Final Thoughts: Rising Threats and the Need for Vigilance
As ransomware attacks continue to evolve and increase in frequency, organizations must remain vigilant and proactive in their approach to cybersecurity. With more targeted ransomware groups and sophisticated attack methods on the rise, the need for robust security measures has never been greater.
By following Kaspersky’s recommendations and staying informed about new attack vectors, organizations can better defend their digital assets against the growing threat of ransomware.
