Bitdefender Threat Debrief | May 2024

Martin Zugec

May 16, 2024

Bitdefender Threat Debrief | May 2024

Staying ahead of ransomware attackers is a constant battle for security specialists. By monitoring trends in victim data, attack methods, and targeted industries, we can gain valuable insights into the evolving tactics of these cybercriminals. In April 2024, we analyzed data from ransomware group websites, identifying a total of 418 claimed victims.

Now, let’s explore the most notable ransomware news and findings since our last edition:

  • LockBit Leader Unmasked: Law enforcement has identified and charged the leader of the LockBit ransomware group, Dmitry Yuryevich Khoroshev, a 31-year-old Russian national. While LockBit continues to post information about companies they've attacked, many of these listings seem to be repeats of previously published attacks. This lack of fresh victims suggests LockBit may be struggling to retain affiliates in the wake of this news. However, it's unclear what will happen to Dmitry, since he is located in Russia, a country with limited cooperation on cybercrime investigations.
  • Black Basta Ransomware Targets Critical Infrastructure: The Black Basta ransomware group has compromised data in healthcare and other critical sectors across North America, Europe, and Australia, impacting over 500 organizations since 2022. The FBI and CISA released a joint Cybersecurity Advisory (CSA) detailing the group's tactics and offering mitigation strategies.
  • INC Ransom may be up for grabs: INC Ransom is allegedly selling the source code for both Windows and Linux/ESXi versions of encryptors on hacking forums, limiting the offer to just three buyers for a hefty $300,000 price tag. This coincides with signs of internal changes within INC, possibly hinting at a break-up within the group or a move towards a new encryption method.
  • New ransomware groups: Several new ransomware groups emerged in April, including APT73 (linked to LockBit), DarkVault (possible LockBit copycat), Qiulong, and SpaceBears.

Top 10 Ransomware Families

Our monthly Threat Debrief analyzes data from ransomware leak sites, where attacker groups brag about their supposed victims. This approach provides valuable insights into the overall activity of the RaaS market. However, there's a trade-off: while it reflects attackers' self-proclaimed success, the information comes directly from criminals and might be unreliable. Additionally, this method only captures the number of claimed victims, not the actual financial impact of these attacks.

Top 10 Countries

Ransomware gangs prioritize targets where they can potentially squeeze the most money out of their victims. This often means focusing on developed countries. Now, let’s see the top 10 countries that took the biggest hit from these attacks.

About Bitdefender Threat Debrief

The Bitdefender Threat Debrief (BDTD) is a monthly series analyzing threat news, trends, and research from the previous month. Don’t miss the next BDTD release, subscribe to the Business Insights blog, and follow us on Twitter. You can find all previous debriefs here.

Bitdefender provides cybersecurity solutions and advanced threat protection to hundreds of millions of endpoints worldwide. More than 180 technology brands have licensed and added Bitdefender technology to their product or service offerings. This vast OEM ecosystem complements telemetry data already collected from our business and consumer solutions. To give you some idea of the scale, Bitdefender Labs discover 400+ new threats each minute and validate 30 billion threat queries daily. This gives us one of the industry’s most extensive real-time views of the evolving threat landscape.


We would like to thank bitdefenders Vlad Craciun, Mihai Leonte, Andrei Mogage, and Rares Radu (sorted alphabetically) for their help with putting this report together. 

tags


Author


Martin Zugec

Martin is technical solutions director at Bitdefender. He is a passionate blogger and speaker, focusing on enterprise IT for over two decades. He loves travel, lived in Europe, Middle East and now residing in Florida.

View all posts

You might also like

Bookmarks


loader