The last quarter of 2024 saw an unprecedented surge in ransomware activity, with significant growth in the number of active groups and notable incidents involving established players like LockBit and emerging threats such as Akira and BlackLock. This report highlights key findings, trends, and recommendations to bolster defenses against ransomware attacks.
Affected: LockBit, Akira, BlackLock, RansomHub, Scattered Spider
Key points:
- Ransomware activity peaked in December 2024, marking the highest number of victims recorded in a single month.
- The number of active ransomware groups increased from around 60 in 2022 to nearly 100 by 2024.
- Median ransom payments rose significantly, from $199,000 in 2023 to $1,500,000 in 2024.
- Akira exploited CVE-2024-40766 to gain access to internal networks, targeting organizations with disabled MFA.
- New ransomware groups emerged rapidly in Q4 2024, with significant activity from SafePay and FunkSec.
- Scattered Spider’s tactics included social engineering and domain impersonation to facilitate attacks.
- BlackLock’s activity surged by 1,425% from Q3 to Q4 2024, making it a group to watch in the future.
- Organizations are advised to patch vulnerabilities, restrict access, and implement robust security measures.
MITRE Techniques:
- T1071.001 – Application Layer Protocol: Akira used this technique to exploit VPN access.
- T1078 – Valid Accounts: Scattered Spider impersonated employees to reset credentials.
- T1499 – Endpoint Denial of Service: BlackLock employed tactics to disrupt services.
- T1203 – Exploit Public-Facing Application: Akira targeted vulnerabilities in SonicOS.
- T1566 – Phishing: Scattered Spider utilized social engineering in their attacks.
Indicators of Compromise:
- [domain] organization-sso.com
- [domain] organization-helpdesk.com
- [domain] organization-vpn.com
- [domain] organization-gateway.com
- [url] organization-salesforce.com
- Check the article for all found IoCs.
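
The domains listed above share a `<name>-<keyword>.com` shape. The following is an added detection example, not code from the report, that flags DNS queries whose labels combine a monitored brand with one of those keywords. It assumes that "organization" stands in for the targeted company's name; the brand `examplecorp`, the allowlist, and the four-field log format are hypothetical.

```python
import re

# Lure keywords taken from the indicator list on this page.
LURE_KEYWORDS = ("sso", "helpdesk", "vpn", "gateway", "salesforce")

# Assumptions for illustration: brand label and domains the organization really owns.
BRANDS = ("examplecorp",)
OWNED_DOMAINS = {"examplecorp.com", "examplecorp-vpn.net"}

_PATTERN = re.compile(
    r"(?:%s)-(%s)" % ("|".join(map(re.escape, BRANDS)), "|".join(LURE_KEYWORDS))
)

def normalise(qname):
    """Lower-case a queried name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()

def classify(qname):
    """Return the lure keyword if any label is '<brand>-<keyword>', else None."""
    name = normalise(qname)
    # Domains the organization owns (and their subdomains) are never flagged.
    if any(name == d or name.endswith("." + d) for d in OWNED_DOMAINS):
        return None
    for label in name.split("."):
        match = _PATTERN.fullmatch(label)
        if match:
            return match.group(1)
    return None

def scan(lines):
    """Return hits from 'timestamp client qname qtype' DNS log lines."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guessing at fields
        timestamp, client, qname, _qtype = fields
        keyword = classify(qname)
        if keyword:
            hits.append((timestamp, client, normalise(qname), keyword))
    return hits

# Constructed sample log, not data from the report.
SAMPLE_LOG = """\
2024-12-03T10:15:02Z 10.0.4.17 examplecorp-sso.com. A
2024-12-03T10:15:09Z 10.0.4.17 login.examplecorp.com A
2024-12-03T10:16:40Z 10.0.7.52 ExampleCorp-HelpDesk.com A
2024-12-03T10:17:11Z 10.0.7.52 examplecorp-vpn.net A
2024-12-03T10:18:30Z 10.0.9.3 portal.examplecorp-gateway.com AAAA
2024-12-03T10:19:00Z 10.0.9.3 othercorp-sso.com A
malformed line
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(*hit)
```

The allowlist check runs first so that a legitimately owned domain with the same shape (here the hypothetical `examplecorp-vpn.net`) does not raise an alert.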
Full Research: https://www.reliaquest.com/blog/ransomware-and-cyber-extortion-in-q4-2024/