The latest Check Point Research (CPR) report reveals that ransomware remains the top cyber threat. RansomHub has quickly emerged as the fastest-growing group, operating through Ransomware-as-a-Service (RaaS). As of September 2024, RansomHub accounted for 19% of all ransomware victims published in shame sites, marking a shift in the cybercriminal landscape. Meanwhile, Lockbit, once dominant, has seen a significant decline, responsible for only 5% of new victims, many of which were recycled from previous attacks.
These findings reflect a transition in the ransomware ecosystem, as new actors adopt advanced tactics, including data extortion and remote encryption, which challenge traditional security defenses across various industries.
The report also highlights critical vulnerabilities in key sectors, with industrial manufacturing and education being the most heavily targeted by ransomware groups, particularly in North America.
Key Insights from the report:
- RansomHub’s Rise: Since its inception in February 2024, RansomHub has grown rapidly, targeting U.S.-based companies, including notable victims in the healthcare sector, despite its stated policy of avoiding non-profits and hospitals.
- Lockbit’s Decline: Once the dominant player, Lockbit now accounts for only 5% of victims. Many of these were recycled from previous attacks, suggesting that the group’s affiliates scale has diminished significantly.
- Meow Ransomware’s Evolution: Moving away from traditional encryption tactics, Meow now focuses on data theft and extortion, reflecting the broader trend toward non-encryption-based ransomware strategies.
- Sectoral Impact: Industrial manufacturing remains the most targeted sector, followed closely by education. Healthcare organizations continue to be targeted, despite some groups’ public statements against attacking such institutions.
“RansomHub’s rapid growth and advanced tactics like remote encryption are reshaping the ransomware landscape. It’s crucial that organizations adopt AI-powered and proactive threat prevention to stay ahead of these emerging threats,” said Sergey Shykevich, Group Manager • Products – R&D, at Check Point Software Technologies.