Barracuda Networks recently conducted research analyzing 200 reported incidents from August 2023 to July 2024. The findings involved 37 countries, 36 different ransomware groups, and included incidents in all industry sectors including financial services, infrastructure, education, municipalities, healthcare and more. Barracuda research highlights the most prevalent ransomware groups, ransomware-as-a-service (RaaS) models, targeted industries, and certain leading indicators of an unfolding ransomware attack. As stated in its blog post: “These results are a timely reminder that every organization in every industry is a potential target for ransomware.”
The most common ransomware groups operated under ransomware-as-a-service (RaaS) models. Notably, LockBit was responsible for one in six attacks over the past year, representing 18% of incidents in which the attacker’s identity was identified. ALPHV/BlackCat ransomware made up 14% of attacks, and Rhysida, a newer ransomware group, was linked to 8% of named incidents. Of these incidents, 21% targeted municipalities.
In the first half of 2024, Barracuda's detection data identified the leading indicators of ransomware activity: 44% of attacks were detected through monitoring for lateral movement, 25% were caught by systems analyzing file modifications for known ransomware signatures or suspicious patterns, and 14% were flagged for off-pattern behavior, where deviations from typical user, process, or application activity triggered alerts. As always, members are encouraged to regularly refer to CISA’s StopRansomware webpage, #StopRansomware Guide, and other associated resources.
Access the full annual review at Barracuda, for more information, visit Help Net Security.
Additional Resources
