Ransomware

Double-Extortion Ransomware Activity Hits All-Time High

Share

Forty ransomware operations engaging in double-extortion attacks added victims on their respective leak sites in May, which is the highest on record, while the prevalence of double-extortion groups increased by 30% between July 2023 and June 2024 amid the dismantling of the ALPHV/BlackCat and LockBit ransomware groups, according to SC Media.

Disruption of LockBit operations has sent its affiliates scrambling to other ransomware-as-a-service (RaaS) groups, with the Qilin gang believed to be among the leading enlisters of affiliates after having the victims listed on its website increase from fewer than nine a month to up to 19 in May, a report from Secureworks showed.

Additional findings revealed that most ransomware groups continued to leverage unpatched flaws as their initial attack vector, with the Citrix Bleed flaw, tracked as CVE-2023-4966, Citrix NetScaler bug, tracked as CVE-2023-3519, and Ivanti Pulse Connect vulnerability, tracked as CVE-2024-21887, being the most commonly exploited security issues.

Meanwhile, two-thirds of ransomware attacks were discovered to have dwell times that were either less than a day or less than a week.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.