Forty ransomware operations engaging in double-extortion attacks added victims to their respective leak sites in May, the highest number on record, according to SC Media. The prevalence of double-extortion groups increased by 30% between July 2023 and June 2024 amid the dismantling of the ALPHV/BlackCat and LockBit ransomware groups.
The disruption of LockBit operations has sent its affiliates scrambling to other ransomware-as-a-service (RaaS) groups, a report from Secureworks showed. The Qilin gang is believed to be among the leading recruiters of affiliates, after the number of victims listed on its website increased from fewer than nine a month to up to 19 in May.
Additional findings revealed that most ransomware groups continued to leverage unpatched flaws as their initial attack vector. The most commonly exploited security issues were the Citrix Bleed flaw (tracked as CVE-2023-4966), a Citrix NetScaler bug (tracked as CVE-2023-3519), and an Ivanti Pulse Connect vulnerability (tracked as CVE-2024-21887).
Meanwhile, two-thirds of ransomware attacks were discovered to have dwell times that were either less than a day or less than a week.