Staying ahead of ransomware attackers is a constant battle for security specialists. By monitoring trends in victim data, attack methods, and targeted industries, we can gain valuable insights into the evolving tactics of these cybercriminals. We analyzed data from ransomware group websites in July 2024, identifying a total of 229 claimed victims.

Top 10 Ransomware Families

Bitdefender's Threat Debrief analyzes data from ransomware leak sites, where attacker groups publicize their claimed number of compromised companies. This approach provides valuable insights into the overall activity of the ransomware-as-a-service (RaaS) market. However, there's a trade-off: while it reflects attackers' self-proclaimed success, the information comes directly from criminals and might be unreliable. Additionally, this method only captures the number of claimed victims, not the actual financial impact of these attacks.

Now, let’s explore the most notable ransomware news and findings since our last edition:

LockBit ransomware is back in the Top 10 Ransomware Groups: Numerous LockBit attacks have been reported in the past month. This activity is notable because it occurred during a time when the ransomware operations of smaller entities and lone wolves were also on the rise.
Meow and DragonForce enter the Top 10 Ransomware Groups: Meow and DragonForce are now among the current Top 10 Ransomware groups. Meow is a group that recently exfiltrated forty gigabytes of data. They are known not only for launching cyberattacks, but also hosting sites to leak stolen data. DragonForce, a group that emerged in December of 2023, has seen great growth since their initial inception. One of the tools DragonForce uses shares commonalities with a LockBit (Black) variant.
Hunters International holds a rank in the Top 10 Ransomware Groups: Hunters International continues to launch campaigns against various victims and sectors. While there are questions surrounding their intentions and ties to Hive ransomware operations–which ceased following the law enforcement takedown in 2023–Hunters International has shown an ability to adapt and persist.
VMware ESXi vulnerability, CVE-2024-37085, continues to be exploited: Ransomware groups seeking admin access and equivalent privileges have repeatedly launched attacks that leverage a gap in the design of user permissions and group membership features in ESXi.
SEXi rebrands as APT Inc: The ransomware group formerly known as SEXi have maintained a pattern of attacks that target VMware ESXi and Windows servers. While their methods and tools are consistent with the attacks that they have executed in the months prior, they now operate under a new name.
The highest ransom payment is reported: A record-breaking ransom payment of $75 million was attributed to an attack by the Dark Angels group. While Dark Angels has a lower number of victims compared to other groups, their attack strategy and prioritization of targets are vital parts of their operations.
Amadev Botnet makes its return to the underground with improvements: Amadev Botnet, a malware that has been used in the past by groups like LockBit and BlackCat, now has an updated version. This version reportedly includes advanced capabilities to bypass anti-virus and detection solutions, making it a tool to observe for threat actors, their affiliates, and security researchers.

Top 10 Countries

Ransomware gangs prioritize targets where they can potentially squeeze the most money out of their victims. This often means focusing on developed countries. Now, let’s see the top 10 countries that took the biggest hit from these attacks.

About Bitdefender Threat Debrief

The Bitdefender Threat Debrief (BDTD) is a monthly series analyzing threat news, trends, and research from the previous month. Don’t miss the next BDTD release, subscribe to the Business Insights blog, and follow us on Twitter. You can find all previous debriefs here.

Bitdefender provides cybersecurity solutions and advanced threat protection to hundreds of millions of endpoints worldwide. More than 180 technology brands have licensed and added Bitdefender technology to their product or service offerings. This vast OEM ecosystem complements telemetry data already collected from our business and consumer solutions. To give you some idea of the scale, Bitdefender Labs discover 400+ new threats each minute and validate 30 billion threat queries daily. This gives us one of the industry’s most extensive real-time views of the evolving threat landscape.

We would like to thank the Bitdefenders Vlad Craciun, Mihai Leonte, Andrei Mogage, and Rares Radu (sorted alphabetically) for their help with putting this report together.