Security Byte: Ransomware groups surged in Q3 2024, with dominance shifting

evertrendzone Security Byte is brought to you exclusively by Mosyle, the only Apple integrated platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines fully automated hardening and compliance, next-generation EDR, AI-powered Zero Trust, and exclusive privilege management, all cutting-edge Apple-specific security solutions, with the most powerful and modern Apple MDM on the market. The result is a fully automated Apple Unified Platform, currently trusted by over 45,000 organizations to keep millions of Apple devices working at an affordable cost. Request an extended trial and understand why Mosyle is everything you need to work with Apple today.


Corvus, one of the leading cyber insurance providers, has published its quarterly cyber threat report for the third quarter of 2024, focusing on the shifting ransomware landscape. The rise in the number of ransomware attacks will surprise no one, but the report outlines how cybercriminals may adopt a more aggressive strategy rather than waiting for the next mass-exploitation event.

About Security Byte: Security Byte is a weekly security-focused column for evertrendzone. Every week, Arin Weichuris provides insight into data privacy, reveals vulnerabilities, and highlights emerging threats within Apple’s vast ecosystem of over 2 billion active devices, to help you stay safe.

Shifting dominance

Most interestingly, Corvus’ latest cyber threat report claims that the ransomware threat landscape is increasingly distributed, with 59 active groups currently operating worldwide. The findings reveal a shift from the dominance of key players (such as LockBit 3.0 and ALPHV) to a more fragmented ecosystem.

This shift could be attributed to an increase in law enforcement activity against the large groups. Earlier this year, the FBI, Europol and the UK NCA successfully seized LockBit’s infrastructure. Authorities recovered more than 1,000 decryption keys for victims. Although arrests were made, the LockBit group has been persistent and still operates today, hence the “3.0” in LockBit 3.0. ALPHV has also experienced a similar takedown.

As it stands today, ransomware groups are primarily run as RaaS (Ransomware-as-a-Service) businesses. This means that the malware developers (or operators) supply their malicious software to affiliates, usually people with less technical knowledge, who direct it at whomever they like. Operators handle payment processing and customer service for victims, and in many cases take a cut of the ransom at the end.

Now that authorities have successfully taken down these key operators, affiliated criminals are likely thinking twice about who they work with. Essentially, they want a car that doesn’t have a history. When authorities successfully take down these major groups, they often gain access to internal systems, administrative panels, and communication channels, which poses a great risk to associated offenders. Investigations can reveal operational details, cryptocurrency transaction records, and breadcrumb trails that can lead back to affiliate identities.

This new reality appears to be steering affiliates toward smaller, more agile ransomware operations.

According to Corvus, new groups like RansomHub, which saw a 160% increase in victims, show how affiliate preferences are changing. These smaller groups can better attract affiliates by offering more competitive terms and better protection through more focused operations.

Other important highlights from the report:

  • Ransomware attacks rose slightly to 1,257 victims in the third quarter
  • The new group RansomHub was the most active, claiming 195 victims
  • Construction and healthcare sectors face enhanced targeting
  • 28.7% of attacks exploited VPN vulnerabilities
  • 75% of organizations lack robust multi-factor authentication

Corvus anonymously collects data from billing and other sources.
