Ransomware Surge: Number Of Active Groups Rises By 56% In 2024 - 1

Image by Christiaan Colen, from Wikimedia Commons

Ransomware Surge: Number Of Active Groups Rises By 56% In 2024

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Searchlight Cyber just published a report revealing that the number of active ransomware groups has increased significantly in the first half of 2024. Despite this growth, the overall number of victims has declined, suggesting that law enforcement efforts are having an impact.

The report states that ransomware groups frequently appear, compete with each other, and sometimes vanish, only to return under new names. The ransomware scene has already changed significantly since the beginning of the year, and the report provides an update on those shifts.

One of the most notable developments mentioned in the report is the emergence of RansomHub, which quickly rose to become the third most prolific ransomware group. This group’s success is likely due to its connections with other established ransomware operators.

While ransomware groups continue their usual tactics, there has also been a significant law enforcement operation targeting the LockBit group, known as Operation Cronos. Although LockBit has not been fully defeated, the operation has weakened them, as stated on the report.

Despite these efforts, ransomware is still a major issue. In fact, the report states that the number of ransomware groups increased by 56% in the first half of 2024 compared to the same period in 2023.

However, the number of victims has decreased, which suggests that law enforcement actions are having some impact, as suggested on the report.

The report also notes that the top ransomware groups have also shifted. Long-time players like BlackCat and Cl0p have slowed down, while new groups like RansomHub have risen to prominence. LockBit remains the most active group, but it has also been affected by law enforcement efforts.

Ransomware-as-a-Service (RaaS) is still the dominant model, where groups lease their ransomware to others in exchange for a share of the profits.

The report concludes by warning, “Although some of the big players have been disrupted, we should be under no illusions: ransomware remains a persistent threat.”

North Korean Hackers Target Job Seekers With Fake Video Conferencing Apps - 2

Image by Beth Kanter, from Flickr

North Korean Hackers Target Job Seekers With Fake Video Conferencing Apps

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

North Korean hackers have started a new cyber attack using a fake video conferencing app that mimics FreeConference.com to infect developer systems, according to a report by Hacker News (HN). This attack is part of a larger campaign called “Contagious Interview,” designed to steal sensitive information for financial gain.

HN notes that the Singapore-based company Group-IB identified this attack in August 2024 . It targets both Windows and macOS systems. The hackers trick job seekers by pretending to offer fake job interviews, leading them to download malware disguised as a technical task.

The malware, called BeaverTail, allows the hackers to take control of the victim’s computer and steal data.

BeaverTail malware has evolved over time. Initially, it was spread through fake technical assessments using JavaScript code, but now it also spreads through Windows and macOS installers that appear legitimate, reports HN.

These installers, imitating popular video conferencing software, infect computers with an updated version of BeaverTail.

HN reports that the campaign, linked to the notorious Lazarus Group, continues to target job seekers through platforms like LinkedIn and Upwork. After initial contact, hackers direct victims to download malicious software through messaging apps like Telegram .

In addition to stealing personal information, the malware targets cryptocurrency wallets and browser data. The attack is ongoing, with hackers constantly refining their techniques.

Recently, the FBI warned that North Korean cyber criminals are aggressively targeting the cryptocurrency industry using social engineering attacks to steal digital assets, as reported by HN.