
Experts Expect Ransomware Surge After Police Disruption

Security experts have warned of a likely rise in ransomware incidents in the second half of this year as criminal gangs recover from upheavals including law enforcement actions and the disappearance of a major group as part of an apparent scam.

Computer security firm ReliaQuest said it expects providers of ransomware infrastructure services to recover from such disruptions in the second half.

“We anticipate a more consistent rise in ransomware incidents in the second half of 2024 as affiliates resume normal operations,” the company said.

But it found the disruptions had contributed to exceptionally low ransomware figures for the first half, which were up only 1 percent over the same period a year earlier, as measured by the number of ransomware-affected organisations listed on gangs’ websites.


Disruption

The first quarter saw a major downturn in ransomware activity due to the disruption of the LockBit gang in February and the disappearance of the AlphV group, also known as BlackCat, the company said.

Although activity rose 20 percent sequentially in the second quarter, the April-June period remained 13 percent down on the same period in 2023.

Such factors “suggest that the historical trend of rapid growth in ransomware activity has slowed”, the firm said.

Fluctuations in the second quarter showed the ongoing effects of the disruption, with 43 percent of the quarter’s victims disclosed on ransomware sites in May followed by unusually low figures for June, ReliaQuest found.

LockBit tried to recover in the second quarter and announced it had breached 179 organisations in May alone, contributing to the month’s high figures.

But security firms have said LockBit is struggling to maintain trust amongst the companies that use its tools to commit ransomware crimes.

LockBit takedown

In May LockBit’s leader was officially identified as Russian national Dimitri Khoroshev, and in a further blow to the organisation the FBI said in June that it was making more than 7,000 decryption keys available to affected organisations.

“We expect LockBit activity to significantly reduce in coming months as the group struggles to maintain trust among affiliates,” ReliaQuest said.

The increased frequency of law-enforcement actions and the availability of free decryption keys “may lead to an overall reduction in ransomware activity in the medium- to long-term”, the company said.

Such gangs offer ransomware-as-a-service (RaaS) tools that allow hackers to carry out attacks on organisations with minimal effort and expertise, in exchange for a portion of any ransom received.

‘Exit scam’

The infrastructure provider normally receives the payment before sending the portion due to the affiliate who carried out the attack, but affiliates must trust the provider to send them their cut.

In March this system took a blow with the disappearance of the gang AlphV, also known as BlackCat, which is believed to have received a $22 million (£17m) payment from dominant US healthcare payments provider Change Healthcare before disappearing without paying its affiliate.

A notice was displayed on the AlphV website claiming the gang was taken down by law enforcement groups including the FBI and the UK’s National Crime Agency, but the NCA said it was not involved in any such action, which along with other factors led security researchers to conclude AlphV’s departure was an “exit scam”.

The disruption facilitated the emergence of new players including BlackSuit and RansomHub, the latter of which allows affiliates to collect payments themselves.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
