2024 H1 Ransomware Trends Report

Resources

2024.10.15

S2W's Threat Intelligence Center TALON has released a detailed analysis report on ransomware groups for the first half of 2024.

✅ Report Title:

Ransomware Landscape in H1 2024: Statistics and Key Issues

✅ Executive Summary:

This report analyzes the activities of ransomware groups that occurred in the first half of 2024 (2024-01-01 to 2024-06-30). The analysis covers ransomware groups with Leak sites and the companies and institutions impacted by ransomware attacks uploaded on those Leak sites.

In the first half of 2024, 2,260 companies had their ransomware infection details posted on Leak sites, an increase of 445 companies compared to the same period last year.

Based on the findings, the S2W Threat Intelligence Center developed an evaluation metric to assess the risk level of ransomware groups based on Activity, Influence, Brand Continuity, Extensibility, and Vulnerability.

As a result, the top 5 most dangerous ransomware groups in the first half of 2024 were BlackBasta, BlackSuit, Qilin, Ransomhub, and PLAY.

You can check the detailed insights on the ransomware groups, targeted entities, and countries through the images in the report and the link below.

📌 A total of 51 new ransomware groups were active during the first half of the year, with the largest number of new groups emerging in April, when 16 new groups were identified.

These new groups utilized a variety of channels, including the dark web, Telegram, X(formerly Twitter), and clearnet. Some groups were observed using or customizing existing ransomware by purchasing or using leaked source codes and builders from other groups.

📌 When categorizing ransomware victims by country, the United States experienced the highest number of attacks. The U.S. also saw the most significant increase in ransomware incidents compared to 2023, while Türkiye saw the largest decrease in the number of attacks.
By industry, the Manufacturing sector was the most heavily affected in the first half of 2024.

📌 Ransomware-related issues in the first half of 2024 were categorized into Version Control, Revealed Connections, Affiliates, Attack Techniques, Activity in Telegram and DDW, and Duplicated Victims. The number of recruitment posts and comments peaked in March and June 2024, which may be linked to a temporary decrease in ransomware attacks during those months.

😈 Report Authors:

S2W TALON Analysts HuiSeong Yang, HyeongJun Kim, SeungHo Lee

👉 Full Report:

https://bit.ly/3U7puxa

*The full report is available upon request.

Attachments

상반기 랜섬웨어 보고서_ 영문.png

News Highlights

DDW Weekly Highlights in October W1

2024.10.10

News Highlights

DDW Weekly Highlights in October W2

2024.10.17

List

File download request

This is a consent popup for collecting personal information in order to send you an attachment of S2W's Resource. Please enter the following items and submit, and the attachment will be sent to the email you provided. All information you provide will be subject to S2W's privacy policy.

Name *

Email *

Contact number *

Company / Institute name *

How did you find us?*

Agree to all

[Required] Terms of Service View all

[Required] Collection and Use of Personal Information View all

[Optional] Collection and Use of Information for Marketing Purposes

Collected items: Required : Name, Country, Company/Institute Name,Job Title, Email, Contact Number
Purpose of use: For online/offline marketing and advertising purpose Name, Job Title, Email, Contact Number; Delivery of product brochures, newsletters, event information, etc.
Retention period: Until consent for marketing use is withdrawn.