87/68 Wednesday, March 5, 2025
In 2024, global ransomware attacks surged to 5,414 incidents, marking an 11% increase compared to 2023. The most significant spikes were observed in Q2 and Q4, with Q4 alone accounting for 1,827 incidents—33% of the total. Law enforcement crackdowns on major ransomware groups, such as LockBit, led to the fragmentation of attackers, resulting in a rise in the number of active ransomware groups from 68 in 2023 to 95 in 2024.
The emergence of new ransomware groups has been particularly notable in 2024, with 46 new groups appearing. By Q4, this number had risen to 48. Among the most concerning and rapidly growing groups are RansomHub, Fog, and Lynx. RansomHub has become a key player, recording 531 attacks on data leak sites since its inception in February 2024. Operating as a Ransomware-as-a-Service (RaaS) platform, it offers a 90/10 revenue-sharing model, while strategically avoiding targets in CIS countries, Cuba, North Korea, China, and nonprofit organizations.
Fog Ransomware emerged in early April 2024, targeting U.S. educational networks using stolen VPN credentials. This group employs a double extortion strategy and is capable of encrypting victims’ data within just two hours. Meanwhile, Lynx has adopted double extortion tactics and publishes victims’ names on its website. As of 2024, Lynx has successfully attacked over 70 victims.
Given the increasing competition and fragmentation among ransomware groups in 2024, 2025 is expected to witness the rise of even more new and aggressive ransomware organizations. While RansomHub remains a dominant force, emerging groups will continue to evolve their tactics, making cybersecurity a top priority for all sectors. The escalating threat landscape underscores the urgent need for enhanced defense measures to counter these ever-evolving digital threats.
Source https://thehackernews.com/2025/03/the-new-ransomware-groups-shaking-up.html
