✅ Report Title:

Ransomware Landscape in H2 2024: Statistics and Key Issues

S2W’s Threat Intelligence Center, TALON, has published a detailed analysis report on ransomware group activity in the second half of 2024.

✅ Executive Summary:

This report analyzes ransomware group activity that occurred during the second half of 2024 (2024.07.01 ~ 2024.12.31).

The analysis focuses on ransomware groups operating leak sites and the organizations listed as victims on those sites.

In H2 2024, a total of 2,844 companies were reported to have been infected with ransomware on leak sites.

Despite takedowns of major groups such as LockBit, Dispossessor, and VANIR, the number of affected organizations increased by approximately 500 compared to the same period in 2023.

- A total of 85 ransomware groups were active in H2 2024, each attacking an average of 33 organizations.

- July alone saw 11 new ransomware groups, reflecting a rapidly evolving threat landscape.

- Large enterprises accounted for only 3.4% of all victim organizations, a decrease from 4% in H1 2024.

- The United States saw both the highest number of attacks and the largest increase in attack volume.

- The most affected industry was construction.

- An increase in ransomware damage was observed across all sectors.

- Key issues in H2 2024 were categorized into: Version Control, Revealed Connections, Affiliate Activity, Attack Techniques, DDW and Telegram Activity, Duplicated Victims, and Leaked/Exposed Data.

- Based on S2W’s internal risk evaluation, the top 5 highest-risk ransomware groups in H2 2024 were: Ransomhub, BlackSuit, AKIRA, BlackBasta, and Underground.

🧑‍💻 Author: S2W Threat Intelligence Center (TALON)

👉 Read the full report: https://bit.ly/3FTZPnt

*The full report is available upon request.