Just a few ransomware groups are responsible for nearly half of cyber attacks

Just a few ransomware groups are responsible for nearly half of cyber attacks

marry 26.11.2024, 11:00 AM

According to research by Corvus Insurance, Fri ransomware group is responsible for 40% of all cyber-attacks in the third quarter of 2024.

Data from reports insurance companies showed that in the third quarter, the names of 1,257 victims were published on the websites of ransomware groups, which is an increase of 0.7% compared to the total of 1,248 victims in the previous quarter.

The following five groups are responsible for 40% of attacks: RansomHub, PLAY, LockBit 3.0, MEOW and Hunters International.

According to the report, the total number of active ransomware groups worldwide rose to 59.

The report also states that the activities of law enforcement authorities, such as Operation Kronos that affected LockBit, can significantly change the ransomware ecosystem. Thus, RansomHub quickly filled the gap created by the police action directed against the LockBit infrastructure, with more than 290 victims in various sectors in 2024. In October, Symantec announced that RansomHub is now the most successful ransomware operation and that the group’s success can be explained by its successful recruitment of experienced affiliates for its RaaS (ransomware-as-a-service) operations.

Corvus said LockBit 3.0 activity dropped sharply from 208 victims in the second quarter to 91 victims in the third quarter, likely in response to pressure from law enforcement.

Cybercriminals using VPN vulnerabilities and weak passwords for initial access carried out nearly 30% of ransomware attacks. Outdated software or VPN accounts with inadequate protection are what led to the exploitation of VPN vulnerabilities.

Corvus also explained that common usernames such as “admin” or “user” and the lack of multi-factor authentication (MFA) make accounts vulnerable to automated brute-force attacks, where attackers exploit publicly available systems by testing combinations of these weak credentials. This allows them to access the network with minimal effort.

Photo: FlyD | Unsplash

Source: www.informacija.rs