GuidePoint Security’s GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity. According to the report, Q1 closed with a significant year-over-year increase in both the number of reported ransomware victims and the number of overall ransomware groups.  

The report indicates that the ransomware ecosystem has become much more volatile with prolific Ransomware-as-a-Service (RaaS) groups like Alphv and LockBit shifting their operational activities, and smaller RaaS groups attempting to recruit disaffected or displaced affiliates. This shift in behavioral patterns also includes the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Manufacturing, Retail & Wholesale, Healthcare and Consulting organizations represent the majority of publicly posted ransomware victims, with Healthcare remaining as one of the most targeted industries.

Drew Schmitt, Practice Lead at GRIT, stated “as the ransomware ecosystem responds to recent events with long standing, highly-impactful groups, we anticipate an upward trend in opportunistic and indiscrete attacks regardless of industry and previous RaaS norms. It’s also likely that some portion of relatively less mature emerging and developing groups maintain a steady enough increase in operations to become new long-standing established groups.” For the full GRIT 2024 Ransomware Report, access GuidePoint. For more information, visit Help Net Security.