Threat Research

November 2024 Threat Trend Report on Ransomware

Ahnlab
Summary:
This report highlights the trends in ransomware activity for November 2024, noting a slight decrease in new ransomware samples compared to October. It also provides insights into targeted businesses and the impact of various ransomware groups. The statistics are derived from AhnLab’s detection names and data collected from ransomware groups’ Dedicated Leak Sites.
#RansomwareTrends #CyberThreats #RansomwareStatistics
Keypoints:

  • The total number of new ransomware samples collected in the past six months is reported.
  • November saw a slight decrease in new samples compared to October, primarily due to the absence of MedusaLocker in the rankings.
  • Statistics on targeted businesses are based on data from the Dedicated Leak Site (DLS) of ransomware groups.
  • Some data on targeted businesses were collected late or were unavailable, leading to reliance on external statistics.
  • Specific MD5 hashes of ransomware samples are provided in the report.
    • MITRE Techniques

  • Data Encrypted for Impact (T1486): Ransomware encrypts files on targeted systems to extort payment from victims.
  • Exploitation of Remote Services (T1210): Ransomware may exploit vulnerabilities in remote services to gain initial access.
  • Credential Dumping (T1003): Ransomware can extract credentials to facilitate lateral movement within a network.
  • Command and Control (T1071): Ransomware utilizes command and control channels to communicate with compromised systems.
    • IoC:

  • [MD5] 146d350fd6271b4411714c630d8cda87
  • [MD5] 14a0ecf45aa72adb2b1f2ccca99f6faa
  • [MD5] 30656c737338818bee8cc3591e3f3dcc
  • [MD5] 31a77e0d1c1b91eebec1f7cdcc1ab8b8
  • [MD5] 571684f28ce1cf4d8236dbd46ef6f7f0

    • Full Research: https://asec.ahnlab.com/en/85030/

    Tags: LATERAL MOVEMENT, CREDENTIAL, IMPACT, LEAK, INITIAL ACCESS, EXPLOIT

    Check this following Post also