For HomeFor BusinessFor Partners
Ransomware Bitdefender Threat Debrief
6 min read

Bitdefender Threat Debrief | August 2024

Jade Brown

August 15, 2024

Bitdefender Threat Debrief | August 2024

Staying ahead of ransomware attackers is a constant battle for security specialists. By monitoring trends in victim data, attack methods, and targeted industries, we can gain valuable insights into the evolving tactics of these cybercriminals. We analyzed data from ransomware group websites in July 2024, identifying a total of 229 claimed victims.

Top 10 Ransomware Families

Bitdefender's Threat Debrief analyzes data from ransomware leak sites, where attacker groups publicize their claimed number of compromised companies. This approach provides valuable insights into the overall activity of the ransomware-as-a-service (RaaS) market. However, there's a trade-off: while it reflects attackers' self-proclaimed success, the information comes directly from criminals and might be unreliable. Additionally, this method only captures the number of claimed victims, not the actual financial impact of these attacks.

Now, let’s explore the most notable ransomware news and findings since our last edition:

  • LockBit ransomware is back in the Top 10 Ransomware Groups: Numerous LockBit attacks have been reported in the past month. This activity is notable because it occurred during a time when the ransomware operations of smaller entities and lone wolves were also on the rise.
  • Meow and DragonForce enter the Top 10 Ransomware Groups: Meow and DragonForce are now among the current Top 10 Ransomware groups. Meow is a group that recently exfiltrated forty gigabytes of data. They are known not only for launching cyberattacks, but also hosting sites to leak stolen data. DragonForce, a group that emerged in December of 2023, has seen great growth since their initial inception. One of the tools DragonForce uses shares commonalities with a LockBit (Black) variant.
  • Hunters International holds a rank in the Top 10 Ransomware Groups: Hunters International continues to launch campaigns against various victims and sectors. While there are questions surrounding their intentions and ties to Hive ransomware operations–which ceased following the law enforcement takedown in 2023–Hunters International has shown an ability to adapt and persist.
  • VMware ESXi vulnerability, CVE-2024-37085, continues to be exploited: Ransomware groups seeking admin access and equivalent privileges have repeatedly launched attacks that leverage a gap in the design of user permissions and group membership features in ESXi.
  • SEXi rebrands as APT Inc: The ransomware group formerly known as SEXi have maintained a pattern of attacks that target VMware ESXi and Windows servers. While their methods and tools are consistent with the attacks that they have executed in the months prior, they now operate under a new name.
  • The highest ransom payment is reported: A record-breaking ransom payment of $75 million was attributed to an attack by the Dark Angels group. While Dark Angels has a lower number of victims compared to other groups, their attack strategy and prioritization of targets are vital parts of their operations.  
  • Amadev Botnet makes its return to the underground with improvements: Amadev Botnet, a malware that has been used in the past by groups like LockBit and BlackCat, now has an updated version. This version reportedly includes advanced capabilities to bypass anti-virus and detection solutions, making it a tool to observe for threat actors, their affiliates, and security researchers.

Top 10 Countries

Ransomware gangs prioritize targets where they can potentially squeeze the most money out of their victims. This often means focusing on developed countries. Now, let’s see the top 10 countries that took the biggest hit from these attacks.

About Bitdefender Threat Debrief

The Bitdefender Threat Debrief (BDTD) is a monthly series analyzing threat news, trends, and research from the previous month. Don’t miss the next BDTD release, subscribe to the Business Insights blog, and follow us on Twitter. You can find all previous debriefs here.

Bitdefender provides cybersecurity solutions and advanced threat protection to hundreds of millions of endpoints worldwide. More than 180 technology brands have licensed and added Bitdefender technology to their product or service offerings. This vast OEM ecosystem complements telemetry data already collected from our business and consumer solutions. To give you some idea of the scale, Bitdefender Labs discover 400+ new threats each minute and validate 30 billion threat queries daily. This gives us one of the industry’s most extensive real-time views of the evolving threat landscape.

We would like to thank the Bitdefenders Vlad Craciun, Mihai Leonte, Andrei Mogage, and Rares Radu (sorted alphabetically) for their help with putting this report together. 

tags

Ransomware Bitdefender Threat Debrief

Author

Jade Brown

Jade Brown

Jade Brown is a threat researcher at Bitdefender. A cybersecurity thought leader who is passionate about contributing to operations that involve cybersecurity strategy and threat research, she also has extensive experience in intelligence analysis and investigation.

View all posts

Right now Top posts

ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again
Ransomware Threat Research Threat Intelligence

ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again

November 13, 2024

Bitdefender Threat Debrief | November 2024
Enterprise Security Ransomware Bitdefender Threat Debrief

Bitdefender Threat Debrief | November 2024

November 07, 2024

5 Approaches to Counter a Cybercriminal’s Growing Arsenal
Enterprise Security Threat Research

5 Approaches to Counter a Cybercriminal’s Growing Arsenal

November 06, 2024

Bitdefender Threat Debrief | October 2024
Enterprise Security Ransomware Bitdefender Threat Debrief

Bitdefender Threat Debrief | October 2024

October 10, 2024

FOLLOW US ON SOCIAL MEDIA

SUBSCRIBE TO OUR NEWSLETTER

Don’t miss out on exclusive content and exciting announcements!

You might also like

Empowering MSP Workflows: Bitdefender’s New ConnectWise PSA Integration Update
Enterprise Security Endpoint Protection & Management

Empowering MSP Workflows: Bitdefender’s New ConnectWise PSA Integration Update
Bitdefender Enterprise

November 21, 2024

Security Advisory: Adversaries Abuse Microsoft Teams and Quick Assist
Enterprise Security Endpoint Detection and Response

Security Advisory: Adversaries Abuse Microsoft Teams and Quick Assist
Jade Brown and Nikki Salas

November 20, 2024

Balancing User Experience with Security: A New Frontier for CISOs in Minimizing Business Risk Exposure
Enterprise Security Endpoint Protection & Management Endpoint Detection and Response

Balancing User Experience with Security: A New Frontier for CISOs in Minimizing Business Risk Exposure
Daniel Daraban

November 19, 2024

Bookmarks

loader